We got the requirement that when an admin user (tenant admin), or a user who is logged in with the authority to create a new alpha user, creates one, we need to record who created this particular account (CREATED BY) and store that value.
Currently I am working on achieving it through event hooks, but I don’t know how to access the details of the user who created it.
Need help with this. Thanks in advance!
This information can be sourced from the Audit logs, where it is recorded for you. Why duplicate the effort or waste cycles persisting this data in the persistent data store?
First of all, thank you for your response!
I understand that, but the requirement is that we need to push this information back to the remote Identity as a value in an attribute. That’s the reason we need to achieve this.
Thank you for the update. Yes, the identity REST API would of course have access to the identity in question. The repository API can be used to publish the additional information into a persistence store, and either the claims script or (my preference) the policy engine can source these properties and include them as claims within your tokens.
Don’t forget to extend the schema of the DS to accommodate your new attribute, prior to this.
Hi @grpensa ,
Thank you so much for your response. But if I could get a sample script to implement this requirement, it would be a great help, since I am new to this implementation.
Thanks in advance.
Hi @ajaykumar_suri ,
I am not familiar with this, so you’re suggesting to get it from context/request, right?
For e.g.,
object.created_by = session.username; something like this?
As explained by @ajaykumar_suri, the way is to inspect the context from the onCreate/onUpdate event hooks (just log it). The context includes a security context, which might well have the information you need.
Hi @Suriya,
As an example, in the User managed object schema definition, in the Script tab, select the OnCreate event and add the following inline script:
Note that authenticationId is a number ID; you may add an IDM search to get the actual userName of the admin user. See below an example for P1AIC.
var user = openidm.read('managed/teammember/'+context.parent.parent.parent.parent.authenticationId);
object.frUnindexedString4= "Created by: "+user.userName;
Thank you so much for your response. Through this I am able to capture the authenticationId of the admin who creates an account in the Identity cloud platform UI.
But when I try to capture it in the end user page of the admin (e.g., a user who has the internal role idm-admin and has permission to create the account), it is not able to capture the authenticationId through the code you provided.
It seems that @stephane.orluc has resolved your original query regarding "How to record admin user id/name in newly provisioned user account?" I’m glad we could help with that!
Please let us know if the example provided also resolves your inquiry re: trying to capture it in the end-user page of admin UI.
A safe implementation is to implement a recursive function that inspects the parent class, going up again until the security context is found, then prints the authenticationId.
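The recursive lookup suggested in the last reply, as an added example that is not code from any poster in this thread or from the product: it climbs `context.parent` until it finds a context carrying `authenticationId`, so the result does not depend on a fixed number of `.parent` hops. The function names, the `readFn` stand-in for `openidm.read`, the mock context chains and the sample id are assumptions constructed for illustration; the real context layout should be confirmed by logging it from the hook.

```javascript
// Recursively climb ctx.parent until a context carrying authenticationId is found.
// Returns null when the chain ends, or maxDepth is exhausted, without finding one.
function findAuthenticationId(ctx, maxDepth) {
  if (!ctx || maxDepth <= 0) return null;
  if (ctx.authenticationId !== undefined && ctx.authenticationId !== null) {
    return ctx.authenticationId;
  }
  return findAuthenticationId(ctx.parent, maxDepth - 1);
}

// Stamp the creator on the new object. readFn stands in for openidm.read so the
// block runs outside IDM; in an onCreate script pass
// function (path) { return openidm.read(path); } instead.
function stampCreatedBy(object, context, readFn) {
  var authId = findAuthenticationId(context, 20);
  if (authId === null) {
    // No security context reachable: record that explicitly instead of throwing.
    object.frUnindexedString4 = 'Created by: unknown';
    return object;
  }
  var user = readFn('managed/teammember/' + authId);
  // Fall back to the raw id when the creator is not found under that resource.
  var name = (user && user.userName) ? user.userName : authId;
  object.frUnindexedString4 = 'Created by: ' + name;
  return object;
}

// Constructed contexts: the same security context reached at two different depths.
var security = { authenticationId: 'constructed-admin-id', parent: {} };
var deepChain = { parent: { parent: { parent: { parent: security } } } };
var shallowChain = { parent: { parent: security } };

// Constructed repository content standing in for managed/teammember.
var store = { 'managed/teammember/constructed-admin-id': { userName: 'tenant.admin' } };
function fakeRead(path) { return store[path] || null; }

console.log(stampCreatedBy({}, deepChain, fakeRead).frUnindexedString4);
console.log(stampCreatedBy({}, shallowChain, fakeRead).frUnindexedString4);
```

Both chains resolve to the same creator, while a hard-coded four-level `.parent` path would only match the first one.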