/
Configuring Users

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Users

Aug 29, 2017

To enable users to log into the IS Management Console, you create user accounts and assign them roles, which are sets of permissions. You can add individual users or import users in bulk. The following sections list out the various ways to configure your users.

 

Adding a new user and assigning roles 

Follow the instructions below to add a new user account and configure its role.

  1. On the Main tab in the Management Console, click Add under Users and Roles.

  2. Click Users. This link is only visible to users with the Admin role. 

  3. Click Add New User. The following screen appears.

     

  4. Do the following:

    1. In the Domain list, specify the user store where you want to create this user account. This includes the list of user stores you configured. See Configuring the Realm for more information.

    2. Enter a unique user name and the password that the person will use to log in. By default, the password must be at least five characters.

    3. Click Next. Click Finish here if the following step is not relevant.

  5. Optionally, select the role(s) you want this user to have. If you have many roles in your system, you can search for them by name.

  6. Click Finish.

A new user account is created with the specified roles and is listed on the Users page.

Creating users using the ask password option

See the Creating users using the ask password option page for guidance on user creation using the ask password option.

Create user using SCIM

Instead of creating the user through the management console, it can also be done using a SCIM request as seen below.

 In the request, you can avoid giving the password of new user by enabling ask password option and giving the email address of the user in the request so that the user will get an email to that email address for confirming the account and setting the password.

Request
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","password":"password","emails":[{"primary":true,"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
Response
{"id":"0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","schemas":["urn:scim:schemas:core:1.0"],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","emails":[{"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}],"meta":{"lastModified":"2016-01-25T11:44:14","location":"https://localhost:9443/wso2/scim/Users/0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","created":"2016-01-25T11:44:14"}} 
Create user using SOAP

The user can also be created by calling the RemoteUserStoreManager service.

  1. Open the following Admin Service from SOAP UI : https://localhost:9443/services/RemoteUserStoreManagerService?wsdl  

  2. Call the addUser() method to create the user and make sure to give the email address of the user similiar to the SOAP request below: 

    SOAP Request

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd"> <soapenv:Header/> <soapenv:Body> <ser:addUser> <ser:userName>username</ser:userName> <!--Zero or more repetitions:--> <ser:roleList>admin</ser:roleList> <!--Zero or more repetitions:--> <ser:claims> <xsd:claimURI>http://wso2.org/claims/emailaddress</xsd:claimURI> <xsd:value>wso2demomail@gmail.com</xsd:value> </ser:claims> <ser:profileName>default</ser:profileName> <ser:requirePasswordChange>true</ser:requirePasswordChange> </ser:addUser> </soapenv:Body> </soapenv:Envelope>

Importing users

In addition to manually adding individual users, you can import multiple users in bulk if you have exported them to a comma-separated values (.csv) file or Microsoft Excel (.xls) file.

Note the following before you use this feature: 

  • If the option to import users in bulk is not enabled in your product by default, you can enable it by adding the following property to the JDBC user store configured in the user-mgt.xml file (stored in the <PRODUCT_HOME>/repository/conf directory). Please see the User Store management section for more information.

    <Property name="IsBulkImportSupported">true</Property>

  • It is recommended to upload a maximum of 500,000 users at a time. If you need to upload more users, you can upload them in separate batches of 500,000 each.

  • You can also specify the size of the file that you can upload to the product in the <PRODUCT_HOME>/repository/conf/carbon.xml file using the TotalFileSizeLimit element as shown below. This value is in MB.

    <TotalFileSizeLimit>100</TotalFileSizeLimit>

Creating a file with users

You must first create a CSV file or an Excel file with the user information. It is possible to import the username and password directly from the CSV/Excel to the product. Other user attributes can be imported if claim URls are defined for such attributes. Shown below are the claim URls that are defined be default in WSO2 IS. These will allow you to import the user's email addresscountrygiven name etc. in addition to the username and password.

  • http://wso2.org/claims/country

  • http://wso2.org/claims/emailaddress

  • http://wso2.org/claims/givenname

  • http://wso2.org/claims/im

  • http://wso2.org/claims/lastname

  • http://wso2.org/claims/mobile

  • http://wso2.org/claims/organization

  • http://wso2.org/claims/role

  • http://wso2.org/claims/streetaddress

  • http://wso2.org/claims/telephone

  • http://wso2.org/claims/url

The username, password and other attributes (claim URls) that you import should be given in a CSV file as shown below. Note that the first line of the file will not be imported considering that it is not a username.

UserName,Password,Claims name1,Password1,http://wso2.org/claims/emailaddress=name1@gmail.com,http://wso2.org/claims/country=France name2,Password2,http://wso2.org/claims/emailaddress=name2@gmail.com,http://wso2.org/claims/country=France name3,Password3,http://wso2.org/claims/emailaddress=name3@gmail.com,http://wso2.org/claims/country=France

In WSO2 IS, you can choose to leave the password empty as shown by the third line in the below sample file. To use this option, you need to first enable the Ask Password option for the server.

UserName,Password,Claims name1,Password1,http://wso2.org/claims/emailaddress=name1@gmail.com,http://wso2.org/claims/country=France name2,Password2,http://wso2.org/claims/emailaddress=name2@gmail.com,http://wso2.org/claims/country=France name3,,http://wso2.org/claims/emailaddress=name3@gmail.com,http://wso2.org/claims/country=France

Importing users from the CSV/Excel file

To import users in bulk:

  1. Log in to the management console.

  2. Click Add under Users and Roles in the Configure menu.

  3. In the Add Users and Roles screen, click Bulk Import Users.

  4. The user stores configured for your product will be listed in the Domain field. Select the user store to which you want to import the users from the list.

  5. Click Choose File to give the path to the CSV/Excel file that contains the users that you want to import.

  6. Click Finish to start importing.