Identity Cloud

Manage users and roles

The Users & Roles tab show all users and roles assigned to an application either through a role or direct assignment.

Use the tab to manage and view the end users in your organization that can access applications. After you establish the server connection, you can use Identity Cloud to add, edit, and remove users directly from the application. To make it easier to set up access for groups of end users, you can create roles with specific access privileges and assign them to the appropriate end users.

You can assign a user or role to an OIDC or SAMLv2 application without setting up mappings or provisioning.

Add a user to a target application

  1. On the Users & Roles tab, click Users.

  2. Click Assign Users.

  3. In the Members drop-down field, select an end user.

  4. Click Next.

  5. Specify the account details as they should exist in the external system for the user.

  6. Click Assign.

Add a role to an application

  1. On the Users & Roles tab, click Roles.

  2. Click Assign Roles.

  3. In the Roles drop-down field, choose a role.

  4. If one or more properties are not set as 'user-specific', specify account details as they should exist in the external system. For instructions about how to set or unset a property as 'user-specific', see Add or edit a property.

  5. Click Assign.

View an end-user account

The Assignment column shows how a user is assigned to an application:

  • Direct: The user is assigned directly to an application.

  • Role-based: The user is part of a role assigned to the application.

You can view information about a user account that has access to an application.

  1. On the Users & Roles tab, click Users.

  2. Click an end user.

You cannot directly edit a user who was added to an application via a role.

Remove an end user from an application

  1. On the Users & Roles tab, click Users.

  2. To the right of the user, click the ellipsis (…​).

  3. Select Revoke.

You cannot directly revoke a user from an application if the user was added via a role. In this case, to revoke the user, remove the user from the role.

Remove a role from an application

  1. On the Users & Roles tab, click Roles.

  2. To the right of the role, click the ellipsis (…​).

  3. Select Revoke.

Copyright © 2010-2023 ForgeRock, all rights reserved.