FAQ: Identity Cloud hosted End User UI
The purpose of this FAQ is to provide answers to commonly asked questions regarding the ForgeRock Identity Cloud hosted End User UI.
Frequently asked questions
- Q. How do I add Account Controls to the end user's Profile page?
- Q. How do I remove the Edit Personal Info button from the end user's Profile page?
- Q. How do I stop end users updating specific details in their Profile such as username?
- Q. Why is a different login journey displayed when an end user logs out of the Profile page?
- Q. Can end users add a picture to their Profile page?
- Q. Can I configure the hosted end user UI to redirect users to a specific URL after they sign out?
Q. How do I add Account Controls to the end user's Profile page?
To display Account Controls on the Profile page:
- In the Identity Cloud admin UI, go to Hosted Pages.
- Click the theme that is being used as the realm default.
- Go to Account Pages > Layout and select Account Controls.
- Click Save.
Account Controls are now displayed on the Profile page.
Q. How do I remove the Edit Personal Info button from the end user's Profile page?
To hide the Edit Personal Info button from the Profile page:
- In the Identity Cloud admin UI, go to Hosted Pages.
- Click the theme that is being used as the realm default.
- Go to Account Pages > Layout and deselect Personal Information.
- Click Save.
The Edit Personal Info button is no longer displayed on the Profile page.
Q. How do I stop end users updating specific details in their Profile such as username?
A. You can make individual user profile attribute(s) not viewable or editable if required. When you do this, the selected properties cannot be changed by the user via the End User UI or REST API calls.
See How do I prevent users viewing and editing their profile attributes in the End User UI for Identity Cloud or IDM (All versions)? for further information.
Q. Why is a different login journey displayed when an end user logs out of the Profile page?
If the user logged in with a non-default login journey, then they will see a different login journey when they log out. The login journey being used is shown in the authIndexValue parameter in the login URL.
Q. Can end users add a picture to their Profile page?
A. Yes, end users can add an image or photo to their Profile page in the Identity Cloud hosted End User UI by clicking the camera icon on the Profile page and entering the URL to where the image is hosted. Profile pictures must be either .png or .jpg format, and should have equal width and height.
The URL entered for the image is stored in the Profile Image (profileImage) property, which exists by default in most tenants. If this property is missing, you should raise a ticket via Backstage to request it is added.
Q. Can I configure the hosted end user UI to redirect users to a specific URL after they sign out?
- In the Identity Cloud admin UI, go to Scripts > Auth Scripts > OIDC Claims Script.
- Edit the script:
  - In the utils.setScopeClaimsMap section, add the post_logout_url claim to an existing scope. This section would look similar to this if you added the claim to the fr:idm:* scope:

    ```javascript
    utils.setScopeClaimsMap({
        profile: [
            'name',
            'family_name',
            'given_name',
            'zoneinfo',
            'locale'
        ],
        email: ['email'],
        address: ['address'],
        phone: ['phone_number'],
        'fr:idm:*': ['post_logout_url']
    });
    ```

  - In the utils.setClaimResolvers section, add mapping details for the post_logout_url claim including the URL where you want to redirect users on logout. This section would look similar to this (with comments removed) if you were redirecting users to https://example.com:

    ```javascript
    utils.setClaimResolvers({
        name: utils.getUserProfileClaimResolver('cn'),
        family_name: utils.getUserProfileClaimResolver('sn'),
        given_name: utils.getUserProfileClaimResolver('givenname'),
        zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),
        locale: utils.getUserProfileClaimResolver('preferredlocale'),
        email: utils.getUserProfileClaimResolver('mail'),
        address: utils.getAddressClaimResolver(
            utils.getUserProfileClaimResolver('postaladdress')
        ),
        phone_number: utils.getUserProfileClaimResolver('telephonenumber'),
        post_logout_url: function (requestedClaim) {
            return 'https://example.com';
        }
    });
    ```

  The post_logout_url claim will be added to all clients that request the scope specified in the utils.setScopeClaimsMap section (the fr:idm:* scope in this example).
- Click Save and Close.
- Go to Native Consoles > Access Management > Services > OAuth2 Provider > Advanced OpenID Connect and make sure the Always Return Claims in ID Tokens option is enabled.
End users are now redirected to the specified URL after logout or session termination.
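To confirm the configuration above took effect, you can decode an ID token issued to a client that requests the mapped scope and check the post_logout_url claim. The following is an added example for Node.js, not ForgeRock code. It assumes the claim appears in the ID token payload, the function names and the allowlist are hypothetical, and the sample token is constructed and unsigned (verify the signature with your OIDC library before trusting real claims).

```javascript
// Added example: checks the post_logout_url claim in a decoded ID token payload.
// It does NOT verify the token signature; do that first with your OIDC library.

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWT (expected 3 segments)');
  }
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Return { ok, reason }: is the claim present, well-formed, https and allowlisted?
function checkPostLogoutUrl(claims, allowedOrigins) {
  const value = claims.post_logout_url;
  if (typeof value !== 'string' || value.length === 0) {
    return { ok: false, reason: 'claim missing: check scope mapping and Always Return Claims in ID Tokens' };
  }
  let url;
  try {
    url = new URL(value); // rejects relative values and stray characters such as '<...>'
  } catch (e) {
    return { ok: false, reason: 'claim is not an absolute URL' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'claim is not an https URL' };
  }
  if (!allowedOrigins.includes(url.origin)) {
    return { ok: false, reason: 'origin not in allowlist: ' + url.origin };
  }
  return { ok: true, reason: 'ok' };
}

// Build a constructed, unsigned sample token (illustration only).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return enc({ alg: 'none' }) + '.' + enc(claims) + '.';
}

const sample = makeSampleToken({ sub: 'constructed-user', post_logout_url: 'https://example.com' });
console.log(checkPostLogoutUrl(decodeJwtPayload(sample), ['https://example.com']));
```

A "claim missing" result for a client that requested the scope points at the scope mapping or the Always Return Claims in ID Tokens setting.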