search
About CoherentAPI referenceSupportYouTube

Manage users

circle-info

Coherent's recommendation is to integrate Keycloak, our Identity and Access Management (IAM) with your Identity Provider (IdP). This provides the best security for user accounts. See Identity and Access Management and Benefits of IdP versus local accounts.

This functionality may be disabled if Single Sign-On is enabled.

hashtag
User groups

Tenant administrators (tenant-admins) can create user groups, which act like teams where different users are grouped together if they perform similar actions. For example, the Product team can be a part of the same user group, responsible for adding and updating the Excel files on Spark. User groups can control access to Folders, if part of a Private tenant.

  • In a Shared tenant, where every user has access to all folders and services within a tenant, the relevant user groups are tenant-admin and user:pf.

  • In a Private tenant where users have restricted access to folders and services:

    • The relevant user groups also include supervisor:pf and any other user groups the administrators may want to create, such as regional or functional teams.

    • User groups can also define permissions for Authorization - API keys.

hashtag
Default user groups

User group
Description

supervisor:epos

This is only used by Coherent Flow tenants.

👮 supervisor:pf

This user group by default has access to all Folders and Services.

🌟 tenant-admin

Realm administrator that can manage User, Groups, Clients, Roles and Realm/Tenant. In a Private tenant, tenant-admins cannot see all Folders and Services unless they added to the supervisor:pf group. tenant-admins can also use APIs to access all objects within Spark.

tenant-moderator

Realm Moderator that can manage only User and Groups. This group can remain unused.

tenant-viewer

Realm Viewer it can only view Users and Groups. This group can remain unused.

user:anonymous

This is only used by Coherent Flow tenants.

user:coherent.forms

This is only used by Coherent Flow tenants.

user:epos

This is only used by Coherent Flow tenants.

user:pf

Access to this user group is mandatory for a user to login to Spark.

hashtag
View user groups

  1. Login using tenant-admin credentials.

  2. Choose Options from the User menu.

  3. In the left-hand navigation that appears, select User groups.

  4. Click View users to see all the users who are members of each user group.

hashtag
Add user groups

circle-exclamation

Newly created user group names should begin with the prefix user: or supervisor:, for example user:NewUserGroup.

circle-info

supervisor users are able to manage the users for folders they have access to. When a folder is created, supervisor user groups are also assigned access by default.

  1. Follow View user groups to arrive at the User groups screen.

  2. Click on Add user group.

  3. Enter the required information.

  4. Existing Users on Spark can be added to the user group.

  5. Click Submit to finish adding the user group.

hashtag
Edit user groups

  1. Follow View user groups to arrive at the User groups screen.

  2. Click on the "three-dot menu" and select Edit user group.

  3. A similar screen to View user groups appears.

  4. Click Submit to finish making changes.

hashtag
Delete user groups

  • Follow View user groups to arrive at the User groups screen.

  • Click on the "three-dot menu" and select Delete user group.

  • Any permissions related to the deleted user group will no longer apply.

hashtag
Users

tenant-admins also have the ability to add users to their Spark environment. Users can be managed from the Users page inside Spark. Individual users added to Spark will then have the ability to log in and start creating APIs.

hashtag
View users

  1. Login using tenant-admin credentials.

  2. Choose Options from the User menu.

  3. In the left-hand navigation that appears, select Users.

  4. In the three-dot menu for each user, click View users to see all the users who are members of each user group.

hashtag
Add users

circle-exclamation

user:pf is a mandatory user group for users to login to Spark!

  1. Follow View users to arrive at the Users screen.

  2. Click on Add user.

  3. Enter the required information.

  4. Users can be added to the relevant user groups. user:pf is required to access Spark!.

  5. Alternatively, user permissions can be copied from an existing user.

  6. Users can also be setup to use Multi-Factor Authentication to login. See Multi-Factor Authentication (MFA) for more information.

  7. There is an option to choose between sending the user an invitation link or generating a password.

  8. Click Submit to finish adding the user.

hashtag
Edit users

  1. Follow View users to arrive at the Users screen.

  2. Click on the "three-dot menu" and select Edit user.

  3. A similar screen to Add users appears.

  4. Click Submit to finish making changes.

hashtag
Deactivate users

circle-info

Users cannot be deleted from Spark in order to support internal audit and tracking of events in Spark.

  1. Follow View users to arrive at the Users screen.

  2. Click on the "three-dot menu" and select Deactivate user.

  3. The user account will be deactivated and no longer able to access Spark.

Last updated