How To
ForgeRock Identity Platform
ForgeRock Identity Cloud

How do I prevent users viewing and editing their profile attributes in the end-user platform UI for Identity Cloud or IDM 7.x?

Last updated Aug 18, 2021

This article explains how to make individual user profile attributes not editable in Identity Cloud or IDM, so that users cannot change them in the end-user platform UI. The username is a common profile attribute to make not editable.


Making individual user profile attributes not editable

You can make selected user profile attribute(s) not viewable or editable if required. When you do this, the selected properties cannot be changed by the user via the end-user platform UI or REST API calls.

To make a user profile attribute not editable:

  1. Select the attribute (property) that you want to make not editable:
    • Identity Cloud Admin UI: navigate to Native Consoles > Identity Management > Configure > Managed Objects > [User type Managed Object] and click the name of the required attribute.
    • IDM Admin UI: navigate to Configure > Managed Objects > [User type Managed Object] and click the name of the required attribute.
  2. Click Show advanced options on the Details tab.
  3. Deselect the User Editable option and click Save.

For example, if you don't want a user in the Alpha realm (Identity Cloud) to be able to change their username, the property details would look similar to this once you update them:

Note

In IDM, you can update a property in the managed.json file (located in the /path/to/idm/conf directory) as an alternative to using the Admin UI. Locate the required property and change userEditable to false. For example:

            "userName" : {
                "title" : "Username",
                "description" : "Username",
                "viewable" : true,
                "type" : "string",
                "searchable" : true,
                "userEditable" : false,

Verifying your change

You can check if your change has been successful as follows:

  1. Navigate to the end-user platform UI in a browser using Incognito or private browsing mode. You can find the URL for a login journey in Identity Cloud as follows:
    1. In the Identity Cloud Admin UI, navigate to Journeys.
    2. Click the required login journey.
    3. Copy the Preview URL and paste it into a browser using Incognito or private browsing mode.
  2. Log in as a valid end user.
  3. Click Edit Your Profile.
  4. Click Edit Personal Info.

You will notice the field you changed (Username in this example) is no longer displayed and therefore cannot be changed.

See Also

End-user UI Options


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.