User Entity
A user entity is defined by a collection of user operational (status, identifiers, addresses and credentials) and custom attributes, which represent the unique characteristics and information associated with each individual user. These attributes play a crucial role in managing access control, personalization, and user experiences within applications and services.
User operational attributes play an important part in Cloudentity built-in flows and help support the most common use cases across the identity world.
Operational Attributes
Status
status indicates the state of a user entry. It can be new, active, inactive or deleted.
There is a set of common rules that are followed:
- Only a user with the new status can go through the built-in Activation flow.
- The Activation flow changes the status to active.
- Only an active user can authenticate themselves.
- Administrators can mark any user as inactive or new.
Identifiers
identifier is a key that is associated with a single user and uniquely identifies it. Its main role is to serve as the user identifier during authentication. Besides that, it can be used as a user key in some integration APIs and as the key to find a user in user search queries. A user can have any number of identifiers.
identifier has an associated type, which can be email, mobile, uid or external.
Type is used for validation, and different types follow different rules:
- email must follow the email format.
- mobile must follow the E.164 format.
- uid and external may contain any ASCII character besides an empty space.
An identifier (regardless of its type) can only be assigned to a single user in a population.
Addresses
address is either an email or a mobile phone number that the user claims they possess. A user address can be used in built-in flows like Account Activation or Password Reset as the destination where the verification code or link should be delivered. A user can have any number of addresses.
address has an associated type, which can be email or mobile.
Type is used mostly for validation, and different types follow different rules:
- email must follow the email format.
- mobile must follow the E.164 format.
address has a state, verified, which can be either true or false.
There are built-in flows that mark an address as verified, like Account Activation and Address Verification.
There is a set of common rules that are followed:
- A verified address can only be assigned to a single user in a population.
- Verification of the same address by another user ends with an error.
- Any user can have any unverified address.
As a verified address uniquely identifies a user in a population, it can be used as a user key in some integration APIs and as the key to find a user in user search queries.
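The status, identifier and verified-address rules described above, modeled in memory. This is an added example, not Cloudentity code: the Population class, its method names and the simplified email and E.164 patterns are assumptions.

```python
import re

# Simplified patterns (assumptions): the page names the formats, not the exact checks.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
E164_RE = re.compile(r"\+[1-9]\d{1,14}")  # "+" then up to 15 digits, no leading zero

def valid(kind, value):
    """Format rule for an identifier or address of the given type."""
    if kind == "email":
        return EMAIL_RE.fullmatch(value) is not None
    if kind == "mobile":
        return E164_RE.fullmatch(value) is not None
    if kind in ("uid", "external"):  # any ASCII character except a space
        return bool(value) and value.isascii() and " " not in value
    return False

class Population:
    """Hypothetical model of one population and its uniqueness rules."""
    def __init__(self):
        self.identifiers = {}  # identifier value -> owning user, whatever its type
        self.verified = {}     # verified address -> owning user
        self.status = {}       # user -> new | active | inactive | deleted

    def add_user(self, user):
        self.status[user] = "new"

    def add_identifier(self, user, kind, value):
        if not valid(kind, value):
            raise ValueError(f"invalid {kind} identifier")
        if self.identifiers.setdefault(value, user) != user:
            raise ValueError("identifier already assigned to another user")

    def verify_address(self, user, kind, value):
        # Unverified addresses are unrestricted, so only verified ones are tracked.
        if kind not in ("email", "mobile") or not valid(kind, value):
            raise ValueError(f"invalid {kind} address")
        if self.verified.setdefault(value, user) != user:
            raise ValueError("address already verified by another user")

    def activate(self, user):
        if self.status[user] != "new":
            raise ValueError("only a new user can go through activation")
        self.status[user] = "active"

    def can_authenticate(self, user):
        return self.status[user] == "active"
```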
Credentials
credential is information or data that is used to prove a user’s identity. It’s used during user authentication.
credential has an associated type, which can be password or webauthn.
A user can have multiple credentials associated with their entry, but only one of each type.
Timestamps
There is a set of timestamps in the user entry that indicate when some action has happened: created_at, updated_at and status_updated_at.
Custom attributes
Besides user operational attributes, a user entry may contain custom attributes. Read about Custom Attributes.