Assign Username as _id in Identity Cloud

Creating users in Identity Cloud via Postman. Would like _id to be the actual username instead of GUID (hex value). I want to refer to username in statements and not the GUID. I can create other objects like organizations with my name of choice and refer to them accordingly. Can’t seem to do it with username. Any guidance is appreciated.

Username Example:
"_id": "b326efb2-4587-228c-a204-383cb8fe36fa",
"_rev": "e68caa44-6190-4b12-a27c-3ee26b9c0569-174842",
"mail": "testuser@test.com",
"givenName": "Test",
"accountStatus": "active",
"sn": "User",
"userName": "testuser"

Organization Example:
"_id": "Postman_Org",
"_rev": "e68caa44-6190-4b12-a57c-3ee25b9c0569-122674",

Teria, I recently had another customer asking a similar question around roles, which allow you to configure them with your own _id, just like organizations in the Cloud:

Example Role TestDan creates no issue:

curl 'https://<tenant-url>/openidm/managed/alpha_role?_action=create' \
-H 'content-type: application/json' \
-H 'authorization: Bearer <Access-Token>' \
--data-raw '{"_id":"TestDan","name":"TestDan","condition":"/mail pr","description":"TestDan"}' \
--compressed

However, when it comes to creating a custom _id, it is supported when you are running the OnPrem IDM.

Docs example:

https://backstage.forgerock.com/docs/idm/7.4/objects-guide/users.html#add_a_user_with_a_specific_user_id

However, in Identity Cloud this is not supported and requires you to use a UUID, and I have been advised by the engineering group that you would hit problems.

https://backstage.forgerock.com/docs/idcloud/latest/idm-objects/users.html#add_a_user_with_a_specific_user_id

If you try to create a user with a custom ID, it will fail:

Example:

curl 'https://<tenant-url>/openidm/managed/alpha_user?_action=create' \
-H 'authorization: Bearer <VALID-TOKEN>' \
-H 'content-type: application/json' \
--data-raw $'{"_id": "dadams","userName":"dadams","givenName":"Dan","sn":"Adams","mail":"daniel@example.com","password":"Abc!#32sd4u0021"}' \
--compressed

Will Result in the following Message: (All UUID values must have a length of exactly 36 bytes)

{"code":400,"reason":"Bad Request","message":"Invalid Attribute Syntax: Entry &#34;fr-idm-uuid&#61;dadamsid,ou&#61;user,o&#61;alpha,o&#61;root,ou&#61;identities&#34; contains a value &#34;dadamsid&#34; for attribute fr-idm-uuid that is invalid according to the syntax for that attribute: The provided value &#34;dadamsid&#34; has an invalid length for a UUID.  All UUID values must have a length of exactly 36 bytes, but the provided value had a length of 8 bytes","detail":{"passwordQualityAdvice":{"attributeType":"userPassword","passingCriteria":[{"type":"length-based","parameters":{"max-password-length":0,"min-password-length":8}},{"type":"attribute-value","parameters":{"min-substring-length":5,"match-attributes":["givenName","mail","sn","uid"],"check-substrings":true,"test-reversed-password":true}},{"type":"character-set","parameters":{"min-character-sets":0,"character-sets":["1:0123456789","1:ABCDEFGHIJKLMNOPQRSTUVWXYZ","1:abcdefghijklmnopqrstuvwxyz","1:~!&#64;#$%^&amp;*()-_&#61;&#43;[]{}|;:,.&lt;&gt;/?&#34;&#39;\\&#96;"],"allow-unclassified-characters":true,"character-set-ranges":[]}}],"failingCriteria":[]}}}

I can generate my own ID with a valid 36-character UUID → Example (67219797-2fb2-40f3-91af-0e20f5bc52f8):

curl 'https://<Tenant-URL>/openidm/managed/alpha_user?_action=create' \
-H 'authorization: Bearer <Access-Token>' \
-H 'content-type: application/json' \
--data-raw $'{"_id": "67219797-2fb2-40f3-91af-0e20f5bc52f8","userName":"dadamsid","givenName":"Dan","sn":"Adams","mail":"danielid@example.com","password":"P@55w0rd\u0021"}' \
--compressed

When the above cloud doc was first published, it did mention the same format as On Prem, but it was removed in the following Jira as it's not possible:

  1. OPENIDM-18436 Update docs to remove/update the section around creating users with user defined IDs

  2. OPENIDM-18520 DOC: Use readable variables for object UUIDs and _ref ids which is related to internal FORGEROCK-1128 DOC: Use readable variables for object UUIDs and _ref ids. You can track this RFE using issues tracker here →

https://backstage.forgerock.com/knowledge/kb/article/a40168716

Again, this is working as currently designed and not available in the cloud at this time.

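An added example, not part of the original thread and not ForgeRock code: a client-side pre-flight check for the 36-character UUID rule shown in the 400 response, plus a way to keep referring to users by name through a `_queryFilter` lookup. The function names, the `ID_NAMESPACE` value and the choice to derive the `_id` from the username with UUID version 5 are assumptions of this sketch; `_queryFilter` and `_fields` are standard IDM REST query parameters.

```python
import json
import uuid
from urllib.parse import quote

# Assumption: a fixed namespace chosen once per tenant (constructed value).
ID_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "tenant.example.com")


def is_valid_user_id(value):
    """Client-side approximation of the server rule: a canonical 36-character UUID."""
    if len(value) != 36:
        return False
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def user_id_for(user_name):
    """Derive a repeatable UUID from the username, so scripts can recompute the _id."""
    return str(uuid.uuid5(ID_NAMESPACE, user_name))


def create_body(user_name, _id=None, **attrs):
    """JSON body for POST <tenant>/openidm/managed/alpha_user?_action=create."""
    _id = _id or user_id_for(user_name)
    if not is_valid_user_id(_id):
        raise ValueError(f"_id {_id!r} is not a 36-character UUID")
    return json.dumps({"_id": _id, "userName": user_name, **attrs})


def lookup_url(tenant_url, user_name):
    """URL that resolves a userName to its _id without knowing the UUID."""
    # Reject characters that could close the string literal and alter the filter.
    if '"' in user_name or "\\" in user_name:
        raise ValueError("username contains a quote or backslash")
    flt = quote(f'userName eq "{user_name}"', safe="")
    return (f"{tenant_url}/openidm/managed/alpha_user"
            f"?_queryFilter={flt}&_fields=_id,userName")


if __name__ == "__main__":
    print(create_body("dadamsid", givenName="Dan", sn="Adams"))
    print(lookup_url("https://tenant.example.com", "testuser"))
```

A derived `_id` is predictable from the username, so access decisions should never depend on the `_id` being hard to guess.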