
This is a starting point to look at the User Management process for onboarding and managing self-service users.

Users can be managed using the AWS console or the API.

Pilot

It’s expected that we’ll use the bulk-create function in the console to create the users for the pilot. The basic process is:

  1. Create the csv (Amazon Cognito Console > Manage User Pools > Select User Pool > Users tab > Import users > Download CSV header). This will give you a .csv file with the header row already included. It should be in UTF-8 format.

  2. The following attributes are required:

    1. username

    2. mfa_enabled

    3. email_verified or phone_number_verified

    4. email (if email_verified is true)

    5. phone_number (if phone_number_verified is true)

    6. any other attributes marked as required when the User Pool was created (I assume there are none)

  3. Create and run the User Pool Import Job: choose Create Import Job, give it a name, upload the csv and click Create Job. Then click Start.

  4. You can view the User Pool Import Results in the CloudWatch Console

  5. Users will need to create their password when they first sign in. *** Need to test out a bulk create with a csv and look at how we send out the welcome email ***

  6. Notes on the csv:

    1. attribute values that are strings should not be in quotes

    2. username must be unique in the User Pool and not contain spaces or tabs

    3. birthdate attribute needs to be in US format (urgh) mm/dd/yyyy

    4. mfa_enabled needs to be true for all users

    5. max line length 16000 chars

    6. max csv size is 100MB

    7. max users in the file (i.e. rows) is 500,000

    8. updated_at field value is epoch time in seconds e.g. 1471453471

    9. leading or trailing whitespace will be trimmed
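
A pre-upload check for the per-line and per-row csv rules listed above, as an added example rather than code from this page or the TIS project. The function name, the sample rows and the handling of a `cognito:` prefix in the header are assumptions.

```python
import csv
import io
import re

MAX_LINE = 16000  # max line length from the notes above
US_DATE = r"(0[1-9]|1[0-2])/(0[1-9]|[12]\d|3[01])/\d{4}"  # mm/dd/yyyy

def is_true(row, key):
    return (row.get(key) or "").strip().lower() == "true"

def validate_import_csv(text):
    """Return (line_number, problem) tuples; an empty list means the file passed."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE:
            problems.append((n, "line longer than 16000 chars"))
        if '"' in line:
            problems.append((n, "string values must not be quoted"))
    reader = csv.DictReader(io.StringIO(text))
    # Assumption: the downloaded header may prefix some names with "cognito:".
    reader.fieldnames = [f.strip().replace("cognito:", "", 1) for f in reader.fieldnames or []]
    seen = set()
    for row in reader:
        n = reader.line_num
        user = (row.get("username") or "").strip()  # whitespace at the ends is trimmed anyway
        if not user or re.search(r"[ \t]", user):
            problems.append((n, "username missing or contains spaces/tabs"))
        elif user in seen:
            problems.append((n, "duplicate username"))
        seen.add(user)
        if not is_true(row, "mfa_enabled"):
            problems.append((n, "mfa_enabled must be true"))
        if not (is_true(row, "email_verified") or is_true(row, "phone_number_verified")):
            problems.append((n, "email_verified or phone_number_verified must be true"))
        for flag, attr in (("email_verified", "email"), ("phone_number_verified", "phone_number")):
            if is_true(row, flag) and not (row.get(attr) or "").strip():
                problems.append((n, attr + " required when " + flag + " is true"))
        birthdate = (row.get("birthdate") or "").strip()
        if birthdate and not re.fullmatch(US_DATE, birthdate):
            problems.append((n, "birthdate must be mm/dd/yyyy"))
        updated = (row.get("updated_at") or "").strip()
        if updated and not updated.isdigit():
            problems.append((n, "updated_at must be epoch seconds"))
    return problems

# Constructed sample rows, not real users.
SAMPLE = ("cognito:username,cognito:mfa_enabled,email_verified,email,birthdate,updated_at\n"
          "alice,true,true,alice@example.org,02/28/1990,1471453471\n"
          "bob smith,false,true,,28/02/1990,yesterday\n")
```

Running `validate_import_csv` on the file before creating the import job catches rejected rows locally instead of in the CloudWatch results.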

Wider Roll-out

The TIS team doesn’t have the resource to manage the users once we get past the initial pilot phase. This will be delegated to local offices - to people who already have access to TIS-Admin as administrators.

There is an API - further details TBC. I expect we’ll need to add some basic functionality to the usermanagement service that is used for managing users in Keycloak/profile. We should be able to add a connection to the Cognito User Pool API, which will allow admins to CRUD users individually or bulk create (you can get a pre_signed_url response using the CLI to create an import job and then curl the url to upload the csv, so I assume* we should be able to give local office users the ability to bulk upload users).

*I should never assume
