Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
711:user_groups_permissions_scim [2024/09/18 15:46] Nerlich, Axel711:user_groups_permissions_scim [2024/09/18 15:50] (current) – [Participant groups] Nerlich, Axel
Line 25: Line 25:
 Each token is identified by a label that is defined upon generation. The resulting token values will not be stored at the server but the server is able to identify a valid token by its value. Tokens become invalid after explicitly being revoked by the Stages administrator or after their expiry date has been reached. Each token is identified by a label that is defined upon generation. The resulting token values will not be stored at the server but the server is able to identify a valid token by its value. Tokens become invalid after explicitly being revoked by the Stages administrator or after their expiry date has been reached.
  
-(image)+{{issue_apitoken.png}}
  
 Directly after creating the API Token, the token value can be copied from the Stages popup dialog and saved in a secure location. Once the dialog has been closed, it can not be retrieved anymore. Directly after creating the API Token, the token value can be copied from the Stages popup dialog and saved in a secure location. Once the dialog has been closed, it can not be retrieved anymore.
  
 Requests to the Stages REST endpoint must contain the value of a valid API token in the Authorization header in the following format: Bearer <token_value> Typically, the identity providers do this under the hood. All actions will be logged at the server in the scim.log and audit-json.log files with the respective API token label as a logging context identifier. Requests to the Stages REST endpoint must contain the value of a valid API token in the Authorization header in the following format: Bearer <token_value> Typically, the identity providers do this under the hood. All actions will be logged at the server in the scim.log and audit-json.log files with the respective API token label as a logging context identifier.
 +
  
 ===== Defining attribute mappings ===== ===== Defining attribute mappings =====
Line 68: Line 69:
  
 Participants are defined globally but user assignments are workspace-specific (under Management > Participants). Therefore every combination of participant and workspace can be seen as another user permission group. For such a combination, it is possible to declare it as a user permission group with a custom name (see SCIM settings). When set to enabled for a participant and a workspace, this is returned by the Stages SCIM API as user permission group with the given name and the prefix ''VG-<workspace-id>''. Participants are defined globally but user assignments are workspace-specific (under Management > Participants). Therefore every combination of participant and workspace can be seen as another user permission group. For such a combination, it is possible to declare it as a user permission group with a custom name (see SCIM settings). When set to enabled for a participant and a workspace, this is returned by the Stages SCIM API as user permission group with the given name and the prefix ''VG-<workspace-id>''.
 +
 +{{scim_settings.png}}