FAQ
ForgeRock Identity Cloud

FAQ: Identity Cloud hosted End User UI

Last updated Jan 5, 2022

The purpose of this FAQ is to provide answers to commonly asked questions regarding the Identity Cloud hosted End User UI.


Frequently asked questions

Q. How do I add Account Controls to the end user's Profile page?

A. You can configure the Identity Cloud hosted End User UI to display Account Controls on the Profile page. This allows end users to download or delete their own account data. By default, Account Controls are hidden from end users.

To display Account Controls on the Profile page:

  1. In the Identity Cloud Admin UI, navigate to Hosted Pages.
  2. Click the theme that is being used as the realm default.
  3. Navigate to Account Pages > Layout and select Account Controls.
  4. Click Save.

Account Controls are now displayed on the Profile page. 

Q. How do I remove the Edit Personal Info button from the end user's Profile page?

A. By default, the Identity Cloud hosted End User UI displays the Edit Personal Details button on the Profile page. This allows end users to edit personal information such as their last name, address, email address, and telephone number. You can configure the Identity Cloud hosted UI to hide the Edit Personal Details button if you do not want to allow end users to edit their own personal details.

To hide the Edit Personal Info button from the Profile page:

  1. In the Identity Cloud Admin UI, navigate to Hosted Pages.
  2. Click the theme that is being used as the realm default.
  3. Navigate to Account Pages > Layout and deselect Personal Information.
  4. Click Save.

The Edit Personal Info button is no longer displayed on the Profile page.

Q. How do I stop end users updating specific details in their Profile such as username?

A. You can make individual user profile attribute(s) not viewable or editable if required. When you do this, the selected properties cannot be changed by the user via the End User UI or REST API calls.

See How do I prevent users viewing and editing their profile attributes in the End User UI for Identity Cloud or IDM 7.x? for further information. 

Q. Why is a different login journey displayed when an end user logs out of the Profile page?

A. The login journey displayed when an end user clicks Sign out from the Profile page is the default login journey configured for that realm. See Default end user journey for further information. You can change the default login journey in the realm to control which login journey is displayed.

If the user logged in with a non-default login journey, then they will see a different login journey when they log out. The login journey being used is shown in the authIndexValue parameter in the login URL.

Q. Can end users add a picture to their Profile page?

A. Yes, end users can add an image or photo to their Profile page in the Identity Cloud hosted End User UI. Profile pictures must be either .png or .jpg format, and should have equal width and height.

To enable end users to add a picture to their Profile page:

  1. In the Identity Cloud Admin UI, navigate to Native Consoles > Identity Management > Configure > Managed Objects > [User type Managed Object].
  2. Click Add a Property.
  3. Enter the following details:
    • Name: Enter profileImage
    • Label: Optionally enter a readable label, for example, Profile Image
    • Type: Select String
  4. Click Save.

End users now have the ability to add a profile picture by clicking the camera icon on the Profile page and entering the URL to where the image is hosted. 

Q. Can I configure the hosted end user UI to redirect users to a specific URL after they sign out?

A. Yes. You can specify the URL that end users are redirected to after they log out, by adding an optional claim called post_logout_url to the OIDC ID token that is issued during an OIDC flow. To do this you'll need to edit the OIDC Claims Script in Identity Cloud, as follows:

  1. In the Identity Cloud Admin UI, navigate to Scripts > OIDC Claims Script.
  2. Edit the script:
    • In the utils.setScopeClaimsMap section, add the post_logout_url claim to an existing scope. This section would look similar to this if you added the claim to the fr:idm:* scope:utils.setScopeClaimsMap( {        profile: [             'name',             'family_name',             'given_name',             'zoneinfo',             'locale'         ],         email: ['email'],         address: ['address'],         phone: ['phone_number'],         'fr:idm:*': ['post_logout_url']     });
    • In the utils.setClaimResolvers section, add mapping details for the post_logout_url claim including the URL where you want to redirect users on logout. This section would look similar to this (with comments removed) if you were redirecting users to https://example.com:utils.setClaimResolvers({        name: utils.getUserProfileClaimResolver('cn'),         family_name: utils.getUserProfileClaimResolver('sn'),         given_name: utils.getUserProfileClaimResolver('givenname'),         zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),         locale: utils.getUserProfileClaimResolver('preferredlocale'),         email: utils.getUserProfileClaimResolver('mail'),         address: utils.getAddressClaimResolver(             utils.getUserProfileClaimResolver('postaladdress')         ),         phone_number: utils.getUserProfileClaimResolver('telephonenumber'),         post_logout_url: function (requestedClaim) {             return '<https://example.com>';         }     });

The post_logout_url claim will be added to all clients that request the scope specified in the utils.setScopeClaimsMap section (the fr:idm:* scope in this example).

  1. Click Save.
  2. Navigate to Native Consoles > Access Management > Services > OAuth2 Provider > Advanced OpenID Connect and make sure the Always Return Claims in ID Tokens option is enabled.

End users are now redirected to the specified URL after logout or session termination. 

See Also

Identity Cloud Hosted Pages

How do I prevent users viewing and editing their profile attributes in the End User UI for Identity Cloud or IDM 7.x?


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.