How do I prevent users viewing and editing their profile attributes in the End User UI for Identity Cloud or IDM 7.x?

Last updated Mar 3, 2022

This article explains how to make individual user profile attributes not editable in ForgeRock Identity Cloud or IDM, so that users cannot change them in the End User UI. The username is a common attribute to make not editable. For IDM, this article applies to the platform End User UI, which is not the same as the standalone IDM End User UI.


Making individual user profile attributes not editable

You can make selected user profile attribute(s) not viewable or editable if required. When you do this, the selected properties cannot be changed by the user via the End User UI or REST API calls.

To make a user profile attribute not editable:

  1. Select the attribute (property) that you want to make not editable:
    • Identity Cloud Admin UI: navigate to Native Consoles > Identity Management > Configure > Managed Objects > [User type Managed Object] and click the name of the required attribute.
    • IDM Admin UI: navigate to Configure > Managed Objects > [User type Managed Object] and click the name of the required attribute.
  2. Click Show advanced options on the Details tab.
  3. Deselect the User Editable option and click Save.

For example, if you don't want a user in the Alpha realm (Identity Cloud) to be able to change their username, the property details would look similar to this once you update them:

Note

In IDM, you can update a property in the managed.json file (located in the /path/to/idm/conf directory) as an alternative to using the Admin UI. Locate the required property and change userEditable to false. For example:

          "userName" : {
              "title" : "Username",
              "description" : "Username",
              "viewable" : true,
              "type" : "string",
              "searchable" : true,
              "userEditable" : false,

Verifying your change

You can check if your change has been successful as follows:

  1. Navigate to the End User UI in a browser using Incognito or Private Browsing mode. You can find the URL for a login journey in Identity Cloud as follows:
    1. In the Identity Cloud Admin UI, navigate to Journeys.
    2. Click the required login journey.
    3. Copy the Preview URL and paste it into a browser using Incognito or Private Browsing mode.
  2. Log in as a valid end user.
  3. Click Edit Your Profile.
  4. Click Edit Personal Info. 

You will notice the field you changed (Username in this example) is no longer displayed and therefore cannot be changed.
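
For IDM deployments that edit managed.json directly, the userEditable setting described in the Note above can also be checked offline before the configuration is deployed. The following is an added example, not ForgeRock's code: the function name audit_user_editable, the sample properties other than userName, and the objects > schema > properties layout of the file are assumptions of this sketch.

```python
import json

# Constructed sample in the managed.json layout assumed here
# (objects -> schema -> properties); "mail" and "accountStatus" are illustrative.
SAMPLE_MANAGED_JSON = """
{"objects": [{"name": "user", "schema": {"properties": {
  "userName":      {"title": "Username", "type": "string",
                    "viewable": true, "userEditable": false},
  "mail":          {"title": "Email Address", "type": "string",
                    "viewable": true, "userEditable": true},
  "accountStatus": {"title": "Status", "type": "string", "viewable": true}
}}}]}
"""


def audit_user_editable(managed, locked, object_name="user"):
    """Return {property: reason} for every property in `locked` that is not
    explicitly "userEditable": false on the named managed object."""
    for obj in managed.get("objects", []):
        if obj.get("name") != object_name:
            continue
        props = obj.get("schema", {}).get("properties", {})
        findings = {}
        for name in locked:
            if name not in props:
                findings[name] = "property not defined"
            elif "userEditable" not in props[name]:
                # Policy of this example: require an explicit value.
                findings[name] = "userEditable not set"
            elif props[name]["userEditable"] is not False:
                value = json.dumps(props[name]["userEditable"])
                findings[name] = f"userEditable is {value}"
        return findings
    raise KeyError(f"managed object {object_name!r} not found")


if __name__ == "__main__":
    config = json.loads(SAMPLE_MANAGED_JSON)
    # For a real deployment, load /path/to/idm/conf/managed.json instead.
    for prop, reason in audit_user_editable(config, ["userName", "mail"]).items():
        print(f"{prop}: {reason}")
```

An empty result means every attribute in the list is explicitly marked "userEditable" : false; any entry returned names an attribute to review before relying on the End User UI check.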

See Also

FAQ: Identity Cloud hosted End User UI

UI Integration Options for Identity Cloud

Deploy the Platform UIs


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.