3.4.2.1 Common settings

This section explains the settings for [User Data Reuse Policy] and [Default Identity Provider]. These settings are configured from [Identity Providers] - [Common Settings]. For details on [Identity Providers], see “Identity provider”.

(1) User data reuse policy

Even if a customer user or a user who has accessed OTOBO is deleted from Ops I, the relationship between that user and the resources created by that user is not deleted, and the user remains on OTOBO as a user who existed in the past. Therefore, before users are linked to an external IdP, you must decide whether the information of a deleted user should be inherited when a user logs in to Ops I through an external IdP with the same user name or e-mail address as a deleted user on Ops I.
Set whether to inherit user information in [User Data Reuse Policy]. The [User Data Reuse Policy] is a common setting for Ops I and applies to users who are linked to external IdPs.

A description of the [User Data Reuse Policy] window items is shown below.

(Table) User data reuse policy window items

Item: Operation button
Description: Saves the user data reuse policy settings. The button is activated when the setting content is changed.
  • Save button: Saves the user data inheritance settings.
  • Revert button: Cancels the changes to the settings and returns them to the previous setting.

Item: User Data Inheritance
Description: Selects the user data reuse policy.
  • Not inherit data as another user:
    The information of the deleted user who is considered to be the same user is not inherited; a different user is created in Ops I and linked to the external IdP user. The user name and e-mail address of the deleted user whose information was not inherited are automatically converted, and that user's information is retained in OTOBO.
  • Inherit data as the same user:
    The information of the deleted user who is considered to be the same user is inherited, and the deleted user is linked to the external IdP user as the same user.

If any of the following cases apply, the system will automatically determine whether or not to inherit the user information according to the [User Data Reuse Policy] settings.

(Table) Cases in which the user data reuse policy setting is applied

Case* | Criteria | Duplicate of deleted user (user name / e-mail) | When information is inherited | When information is not inherited
----- | -------- | ---------------------------------------------- | ----------------------------- | ---------------------------------
When a new user is created by logging in from an external IdP (other than a customer user), or when a user's "Customer" setting is deleted due to logging in from an external IdP | The deleted user is not a customer user | User name: Yes; E-mail: Ignored | The information of the deleted user is inherited | The user name of the deleted user is changed
When a new user is created by logging in from an external IdP (customer user), or when a user's "Customer" is set due to logging in from an external IdP | The deleted user is a customer user of an arbitrary customer | User name: Yes; E-mail: No | The information of the deleted user is inherited | The user name of the deleted user is changed
(same as above) | (same as above) | User name: No; E-mail: Yes | The information of the deleted user is inherited | The e-mail of the deleted user is converted
(same as above) | (same as above) | Yes, when both the user name and e-mail address are the same as those of the same deleted user | The information of the deleted user is inherited | The user name and e-mail address of the deleted user are converted
(same as above) | (same as above) | Yes, when the user name and e-mail address are the same as those of different deleted users | The information of deleted users with duplicate e-mails is taken over, and the usernames of deleted users with duplicate e-mails are converted | The e-mails of deleted users with duplicate e-mails will be converted, and the user names of deleted users with duplicate user names will be converted
* Customers are added or deleted according to the mapping settings. For details about mapping, see "Mapping tab".

The inheritance of deleted user information may also occur when users are added or edited in Ops I. For details, see “Inheriting the OTOBO information of deleted users”.
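
The following is an added example, not part of Ops I or its documentation: a pre-change review that lists which external IdP logins would take over a deleted user's data under [Inherit data as the same user], following the matching criteria in the cases table above. The record layout, function names and sample users are constructed for illustration, and exact string comparison of user names and e-mail addresses is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    email: str
    is_customer: bool

def inheritance_candidates(incoming, deleted):
    """Return (inherited, by_name, by_email) for one IdP login.

    Non-customer logins match deleted non-customer users on user name only
    (e-mail is ignored). Customer logins match deleted customer users on
    user name or e-mail; when the two hit different deleted users, the
    table says the e-mail match is the one whose information is taken over.
    """
    pool = [d for d in deleted if d.is_customer == incoming.is_customer]
    by_name = next((d for d in pool if d.name == incoming.name), None)
    if not incoming.is_customer:
        return by_name, by_name, None
    by_email = next((d for d in pool if d.email == incoming.email), None)
    return (by_email or by_name), by_name, by_email

def audit(idp_users, deleted):
    """List every IdP login that would inherit a deleted user's data."""
    findings = []
    for u in idp_users:
        inherited, by_name, by_email = inheritance_candidates(u, deleted)
        if inherited is None:
            continue
        matched = [f for f, d in (("user name", by_name), ("e-mail", by_email)) if d]
        split = by_name is not None and by_email is not None and by_name != by_email
        findings.append({"login": u.name, "inherits_from": inherited.name,
                         "matched_on": matched, "split_match": split})
    return findings

# Constructed sample data (assumed export of deleted users and IdP accounts).
DELETED = [User("alice", "alice@example.com", False),
           User("bob", "bob@example.com", True),
           User("carol", "carol@example.com", True)]
IDP_USERS = [User("alice", "new.alice@example.com", False),  # name match
             User("dave", "alice@example.com", False),       # e-mail ignored
             User("bob", "carol@example.com", True),         # two deleted users
             User("erin", "bob@example.com", True)]          # e-mail match

if __name__ == "__main__":
    for finding in audit(IDP_USERS, DELETED):
        print(finding)
```

Each finding is an account to confirm as the same person before the policy is saved; entries with `split_match` set match two different deleted users and deserve the closest look.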


(2) Default identity provider

When only one external IdP is used for linking, that external IdP can be set as the [Default Identity Provider]. This takes you directly to the login window of that external IdP when logging in, without selecting it on the Ops I login window. If you are already logged in to the external IdP at this time, you are logged in to Ops I without the external IdP login window being displayed.

Ensure that the users assigned the Pre-Installed roles “System Administrator” and “System Security Administrator” are linked before setting the [Default Identity Provider].
These users perform operations that require high privileges, such as Ops I settings.

[Default Identity Provider] window items are as follows.

(Table) Default identity provider window items

Item: Operation button
Description: Saves the default identity provider settings. The button is activated when the setting content is changed.
  • Save button: Saves the default identity provider settings.
  • Revert button: Cancels the changes to the settings and returns them to the previous setting.

Item: IdP
Description: Selects the external IdP used as the default. The pull-down menu displays [None] and all added connection settings, regardless of whether they are enabled or disabled.
If [None] or a disabled connection setting is specified, the [Default Identity Provider] setting is not applied and the Ops I login window is displayed.

Notes

The [Default Identity Provider] setting is not user-specific, but is common to all Ops I users, so do not set this if the external IdP used differs between users, or if a single user logs in both directly from Ops I and via an external IdP.