Add a User
CORE can manage the access control attributes for users (in the ACCESS application), but it requires that the users are already provisioned in an identity management provider (IdP). For stand-alone deployments, where no IdP is used, CORE can use Keycloak to provision users.
User Management
User management is outside the scope of Telicent CORE. CORE integrates with existing Identity Providers. To make users “CORE eligible”, they must be added to a Telicent Role. These roles are:
- tc-read: User apps (SEARCH, GRAPH) authorization, with the ability to read data from the APIs
- tc-admin: Admin apps authorization, such as ACCESS.
Once these roles have been assigned, a user can access CORE and navigate to one or more UIs. They can also query the APIs, provided their authentication is in place.
Administrators can navigate directly to Telicent ACCESS; tc-read users, however, must first be enrolled into ACCESS and the platform.
User Enrollment
User enrollment in CORE occurs through registration in Telicent ACCESS. This is achieved by calling /api/access/whoami as an authenticated user (with the tc-user role). This can be done either:
- Directly, via a GET request
- By navigating to one of the applications; each application is set up to check the user and, if the authenticated user does not yet exist within ACCESS, create them.
When a user is registered, an inactive profile is created in ACCESS with no entitlements. At this stage, the user will be notified within the UI that they require an administrator to set their attributes and activate their profile before they can see any data.
Configuring a User
It is worth noting that prior to the enrollment step there is no representation of the user in ACCESS.
Upon enrollment, a skeleton user is created: an inactive user with no attributes. Some details are populated from the user's access token, such as email, possibly username, and a reference to the user's IdP ID (called the externalId). The user cannot access any data within the platform until both of the following conditions are met:
- a complete set of attributes is provided by an administrator
- the user is activated by an administrator
The full specification of details required about the user is shown in the User Attribute section of the Telicent Handling Model.
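The following is an added example, not Telicent's own code, modelling the enrollment flow described above: a whoami call that enrolls an unknown caller as an inactive skeleton user, and a read-access check that stays closed until an administrator has both supplied the attributes and activated the profile. The token claim names, the `REQUIRED_ATTRIBUTES` set and the class and method names are assumptions for illustration; the real attribute set is defined by the Telicent Handling Model.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumed placeholder for the attribute set the Handling Model requires.
REQUIRED_ATTRIBUTES = {"clearance", "nationality"}


@dataclass
class AccessUser:
    external_id: str                  # the user's IdP ID (externalId)
    email: str
    username: Optional[str] = None
    active: bool = False              # skeleton users start inactive
    attributes: Dict[str, str] = field(default_factory=dict)  # no entitlements yet


class AccessStore:
    """Minimal model of the ACCESS user registry (assumed, not the real API)."""

    def __init__(self) -> None:
        self.users: Dict[str, AccessUser] = {}

    def whoami(self, token: dict) -> AccessUser:
        """Model of GET /api/access/whoami: enrol the caller if not yet known."""
        if "tc-user" not in token.get("roles", []):
            raise PermissionError("caller lacks the tc-user role")
        ext = token["sub"]                      # assumed claim carrying the IdP ID
        if ext not in self.users:               # first call creates the skeleton
            self.users[ext] = AccessUser(
                external_id=ext,
                email=token["email"],
                username=token.get("preferred_username"),
            )
        return self.users[ext]                  # repeat calls are idempotent

    def set_attributes(self, ext: str, attrs: Dict[str, str]) -> None:
        """Administrator supplies the user's attributes."""
        self.users[ext].attributes.update(attrs)

    def activate(self, ext: str) -> None:
        """Administrator activates the profile."""
        self.users[ext].active = True

    def can_read_data(self, ext: str) -> bool:
        """Fail closed: data access needs an active profile AND a complete attribute set."""
        user = self.users.get(ext)
        if user is None or not user.active:
            return False
        return REQUIRED_ATTRIBUTES <= user.attributes.keys()
```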