Namespaces
As described briefly earlier, Trivore Identity Service is a multi-tenant system. A tenant is a customer organisation. A namespace in Trivore Identity Service roughly represents a tenant, and the menu selection Namespaces is where tenants are managed. To make things more flexible, one customer organisation may have multiple namespaces, which can be managed with a single user account or with multiple user accounts, as needed. It is recommended to group a customer organisation's (tenant's) multiple namespaces together by defining a common prefix for the namespace code when each namespace is created. This is not mandatory, but it makes managing the platform easier and less error-prone.
This Main Menu selection is only available for user accounts with role Portal Admin or Portal Auditor.
Management View
Below is a picture of Trivore Identity Service after selecting Namespaces on the Main Menu. This selection opens the list of namespaces. The current namespace will be highlighted in bold.
The selection buttons Add and Delete are rather intuitive and need little explanation. In the upper-right corner is a menu button, Actions, which opens a menu for executing less common tasks, such as importing new namespace(s), exporting the selected existing namespace(s), exporting all existing namespaces, or printing a report on namespaces.
The Configuration button opens a drop-down menu with the following options:
- Edit namespace, which will open the editor for the selected namespace.
- Default policies, which will open the default policies editor for the selected namespace.
- Outside user access, which will open a dialogue for managing users who do not belong to the namespace but are allowed access to it. You can add and remove the users from this dialogue.
Below is a picture of a list of namespaces. When a namespace is selected on the list, the number of accounts in the namespace is shown.
Namespace list with Test 001 namespace selected, showing that it contains 7 accounts
As in all management views, you can show or hide columns by right-clicking the three horizontal lines in the top-right corner of the list.
From the Actions menu, located in the top-right corner, you can perform actions on the selected namespaces. Actions such as printing, import/export and other management actions are available from here.
Editor
Core
This tab contains the core information about the namespace. The name given to the namespace makes it identifiable and unique. The other fields define general settings used for all users in the namespace.
Perhaps the most important field is the sign-in account naming policy. This can be changed later, but the new setting only affects user accounts created after the change. Sign-in names of user accounts created before the policy change are not affected.
The recommended setting is 8 random numbers for small namespaces, or 10 random numbers for namespaces where a million or more user accounts are expected.
The picture above shows examples of the current sign-in account naming policies. Please note that this is not all of them.
Tip: When creating a specially named service account, temporarily change the policy to “Manually defined” before creating the account, and then restore it to the original preferred setting.
Another important field is the list of valid email address domains. If a sign-in name based on an email address is used, the domain part of the email address must be one of these domains. The domains are presented in the listed order on the drop-down menu. For convenience, you should have the primary email domain as the first domain on the list. Leaving this field empty will allow any domain to be used.
Domain names must be separated with a semi-colon (;). They are packed and stored intelligently when you select Save to save the changes made.
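The following check is an added example, not Trivore Identity Service code: it reviews a semi-colon separated domain list before it is saved and applies the rule above to sample addresses, including the empty-list case that accepts any domain. The function names, the whitespace trimming, and the case-insensitive exact match (no subdomain matching) are assumptions of this sketch, not documented product behaviour.

```python
import re

# Constructed sample value for the "valid email address domains" field.
SAMPLE_FIELD = "example.org; mail.example.org;EXAMPLE.org;;bad_domain"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_domain_list(raw):
    """Split the semi-colon separated field, keeping the listed order."""
    return [d.strip().lower() for d in raw.split(";") if d.strip()]


def is_valid_domain(domain):
    labels = domain.split(".")
    return (len(domain) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels))


def audit_domain_list(raw):
    """Return review findings for a domain list before it is saved."""
    domains = parse_domain_list(raw)
    findings = []
    if not domains:
        # Per the text: an empty field allows any domain to be used.
        findings.append("empty list: any email domain will be accepted")
    seen = set()
    for d in domains:
        if d in seen:
            findings.append(f"duplicate entry: {d}")
        seen.add(d)
        if not is_valid_domain(d):
            findings.append(f"not a valid domain name: {d}")
    return findings


def email_domain_allowed(email, raw):
    """Check an email-based sign-in name against the domain list."""
    domains = parse_domain_list(raw)
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return False  # not an email address at all
    # Assumption: exact, case-insensitive match; subdomains are not implied.
    return not domains or domain.lower() in domains
```

Running `audit_domain_list` on the current field value before and after an edit makes an accidental empty list, which opens sign-in names to every email domain, visible in review.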
User interface
This section covers what the users in the namespace will see on their screen. Options such as using nicknames, the password recovery process, user invitations, and access to the user editor for their own account can be edited here.
Features
Use of external Lightweight Directory Access Protocol (LDAP) can be configured here as well as settings for sending SMS messages from the system.
Branding
Each Trivore Identity Service namespace has its own private URI to the sign-in dialogue. This dialogue may also show the organisation's own logo instead of the general Trivore Identity Service logo. It is also possible to add a namespace-private external address which also shows this private sign-in dialogue. These branding-related settings are all defined in this tab.
Miscellaneous
Event Logging is an important part of an organisation's auditability. If the organisation requires any kind of formal certification or has an internal security policy, Event Logging must remain enabled.
This tab contains the logging level settings for all events of the namespace.
The default Event Logging level is to log all events with a severity level of Warning or more severe. Some organisations require this setting to be Information. For a short time, for troubleshooting, this setting can be increased to Debug. Leaving it at Debug for an extended period of time will cause warnings to be logged to the Event Log. If the organisation has no special requirements for Event Logging, the log level could be increased to level Error.
Severity level Warning is the default, and is the recommended setting for Event Logging.
This tab also contains the settings for enforced acceptance of Terms and Conditions and Privacy Policy. Also, the legislation applied is set here.
Personal data
This tab defines how the right to be forgotten, as defined in the General Data Protection Regulation of the European Union, is administered in the namespace.
Message Templates
You can set up namespace specific templates for email and SMS messages that use the built-in content. Standard system templates for sending email or SMS messages are selected by default.
Email messages
Some email messages can be customised here. You can replace the default message completely by building a localised template using supported Template Languages. The templates will be used when these messages are sent to users in this namespace.
User registration
New user registration options can be handled in this tab. You can choose whether new user registration is allowed and which fields the user will be asked to fill in when a new user is created.