Identity Information
Viewing information of a user
- Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity) of your Tenant. If you don't have a Tenant yet, you can register one for free.
- You will see a paged list of users. Search for the user for whom you want to see the information.
- Click the user to go to the detail page.
Available information
The information is the identity information provisioned from the (different) account(s) of the user, or as edited by the user on his/her profile page. For information on how to get information of a user in your application see The Identity Hub REST API
The following information is available via The Identity Hub UI:
General
| Information | Description |
|---|---|
| Displayname | The displayname of the user. Next to the displayname can optionally be the following icon: - : indicates that the user is archived. |
| Unique Id | The unique id of the user in The Identity Hub. Never reused. |
| Username | Only listed if the user has a Username/Password Account. The login name of the user. |
| Given name | The given name of the user. |
| Surname | The surname of the user. |
| Email address | The email address of the user. Can be used for multi-factor authentication. |
| Telephone number | The telephone number of the user. Can be used for multi-factor authentication. |
| Created | The date and time the user was created in The Identity Hub. |
| Last successful login | The date and time of the last successful login. |
Claims
This section gives a basic overview of claims for the identity. An IAM admin will have the possibility to switch to an advanced overview. The advanced overview will group the claims per issuer they originated from. These issuers are sorted to follow the same precedence as applied by The Identity Hub.
| Information | Description |
|---|---|
| Icon | Indicates where the claim was obtained from:
|
| Claim type | The claim type. Indicates what the claim is about. |
| Claim value | The claim value. |
Warning
If there are multiple claims of the same type, e.g. Name, then the claims issued by the Identity Hub will get a higher precedence when passing claims of this type to apps. To prevent users modifying their profile, and thus having information flow as provided by the (single) IDP, make sure to configure the "User can edit profile" setting correctly for the related account provider.
Password
This section is only available if the user is linked to an Hub account and allows to trigger a reset password flow.
Security information
This section gives more information about the security options of the user. The section is only visible to administrators that are at least Service Desk admin (see Managing The Identity Hub).
| Information | Description |
|---|---|
| MFA configured | Indicates whether the user has multi-factor authentication configured. |
| Failed MFA attempts | The number of failed MFA attempts of the user since last successful logon. Next to this, a value between brackets illustrates the maximum number of attempts allowed on this tenant. This is not shown when there are no failed attempts. |
| Last failed MFA attempts | Date and time of the last failed MFA attempt of the user since last successful logon. This is not shown when there are no failed attempts. |
| Locked out until | Date and time until when the user is locked out of MFA because of surpassing the maximum allowed number of MFA attempts. When this value is in the past (green), the user is no longer locked out of MFA but has not successfully logged on yet. When this value is in the future, the user is locked out of MFA and has to wait until this time (red). |
When the user has an Authenticator App configured, there will be an option to reset it, allowing the user to reconfigure it.
This can be used when the user no longer has access to his/her mobile device or lost the configuration that was stored in the app.
Resetting the MFA for a user is audited.
Location
Get an overview of known locations the user authenticated from. This information is only captured when configured on the tenant and consented by the user.
Accounts
Get an overview of the accounts linked to the user.
Roles
Get an overview of the roles of the user. See Roles.