Create Identity Pool
- Log in to your tenant and select Identity Pools in the left navigation tree.
- Select + CREATE POOL.
You can create multiple pools per tenant - there is no limit. You can store different user populations across separate pools for easier management.
```mermaid
flowchart TB
    subgraph ACME Identity Pools
        subgraph Partners
            subgraph Pool: Partner 1
                Customer1(Customer 1)
                Customer2(Customer 2)
            end
            subgraph Pool: Partner 2
                Customer3(Customer 3)
                Customer4(Customer 4)
            end
        end
        subgraph Businesses
            subgraph Pool: Business 1
                Customer5(Customer 5)
                Customer6(Customer 6)
            end
            subgraph Pool: Business 2
                Customer7(Customer 7)
                Customer8(Customer 8)
            end
        end
        subgraph Employees
            Employee1(Employee 1)
            Employee2(Employee 2)
        end
    end
    style Employees fill:#96CEE7
    style Partners fill:#dbcc8f
    style Businesses fill:#94db8f
```
- Provide the details for your user pool.
In the Sign In / Sign Up settings, you may configure preferred authentication methods, such as using a password or a verification code.
User Registration
If you wish to enable users to register themselves within your Identity Pool, make sure to Enable User Self-Registration. You may also configure it later.
If you defined any custom Identity Schemas for user metadata and payload, you may assign them to your pool to have the user entity defined as required.
- Select Create.
Add Users
Besides user self-registration, administrators can initiate user registration on the users' behalf. This feature is useful, for example, if your organization does not allow users to register themselves for security reasons. In such a case, the admin may initiate the user registration to add, for example, a new employee.
- Select your Identity Pool.
- In the Users tab for the Identity Pool, select + ADD USER.
- Provide the details of the user.
The basic user data can change depending on the Identity Schema assigned to your Identity Pool. If you wish to create users with rich identity data, create an Identity Schema for the user payload (attributes editable by the user, for example, phone number) and user metadata (attributes editable only by administrators, for example, user role).
Regarding the registration mode, you may choose between two options:
  - Send an activation email with which the user will be able to complete their registration and set their new password.
  - Set credentials for the user.
```mermaid
sequenceDiagram
    participant userInactive as Inactive User
    participant userActive as Active User
    participant admin as Administrator
    participant Cloudentity
    alt Registration of inactive user
        admin-->>Cloudentity: /createUser status: new
        admin-->>Cloudentity: /sendActivationMessage
        Cloudentity-->>userInactive: Activation message with OTP
        userInactive-->>Cloudentity: /activateSelfRegisteredUser
        Cloudentity-->>userInactive: Activate (status: active)
        userInactive-->>userActive: Change status
    else Registration of active user with password
        admin-->>Cloudentity: /createUser status: active
        Cloudentity-->>userActive: Active user with password set
    end
```
- Select Create.
Can my users authenticate now?
Adding a user to an Identity Pool does not mean they will be able to authenticate to any of your apps right away.
To enable people to authenticate, connect the Cloudentity Identity Pool IDP to any workspace with apps where the users stored in pools will authenticate, and assign a pool to the IDP you’ve created. This way, you can control, for example, that only the administrators will have access to a particular application, or partners to a partner-only application.
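The two registration modes from the diagram and the pool-to-IDP requirement described above can be modelled as a small state machine. This is an added example, not Cloudentity code or its API: the class and function names are hypothetical, and the single-use, constant-time OTP check is an assumption of the model.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class User:
    status: str                    # "new" or "active", as in the diagram
    has_credentials: bool = False
    otp: Optional[str] = None      # pending activation code, if any

@dataclass
class Pool:
    name: str
    users: Dict[str, User] = field(default_factory=dict)

    def create_user(self, email: str, status: str = "new",
                    has_credentials: bool = False) -> None:
        # "Set credentials" mode: an active user must be created with credentials.
        if status == "active" and not has_credentials:
            raise ValueError("an active user needs credentials")
        self.users[email] = User(status, has_credentials)

    def send_activation_message(self, email: str) -> str:
        user = self.users[email]
        if user.status != "new":
            raise ValueError("user is already active")
        user.otp = secrets.token_urlsafe(8)
        return user.otp            # stands in for the e-mailed code

    def activate(self, email: str, otp: str) -> bool:
        user = self.users[email]
        # Assumption: the code is compared in constant time and is single use.
        if user.otp is None or not hmac.compare_digest(user.otp.encode(), otp.encode()):
            return False
        user.status, user.has_credentials, user.otp = "active", True, None
        return True

def may_sign_in(pool: Pool, email: str, idp_pools: Set[str]) -> bool:
    """True only for an active user whose pool is assigned to the workspace's IDP."""
    user = pool.users.get(email)
    return user is not None and user.status == "active" and pool.name in idp_pools

if __name__ == "__main__":
    pool = Pool("employees")                      # constructed sample data
    pool.create_user("new.hire@example.test")
    code = pool.send_activation_message("new.hire@example.test")
    pool.activate("new.hire@example.test", code)
    print(may_sign_in(pool, "new.hire@example.test", set()))          # False
    print(may_sign_in(pool, "new.hire@example.test", {"employees"}))  # True
```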
Allow Users to Sign Up
Organizations may want to enable users to register themselves. In such a case, you may use Cloudentity's built-in User Registration Page, or develop your own user registration page using Cloudentity APIs.
- Navigate to the Settings tab in the identity pool of your choice.
- Expand the Sign In / Sign Up dropdown.
- Tick the checkbox next to the Self Registration option and save your changes.