TermWeb supports automatic user creation when logging in from an external authenticated source.
Specifically this feature is available with:
- API authentication using an API Key (XTM integration)
- OpenId authentication (XTM integration)
- SAML authentication (customer-specific configuration)
During these calls, if the user attempting to login does not exist (by name), then he/she is created before initiating the session.
If the user exists in TermWeb, then the session is created with the existing user. The rights of the existing user are not changed in this case.
By default, the automatically created user is given administrator rights. However, this can change by editing the following TermWeb properties:
api.default.user.group=<an existing user group name with API rights>
The first property results in creating users without a specific role, i.e. simple users. The second property is necessary and applies only when the first property is false.
It assigns a user group to the automatically created user, which must have API enabled in order to authorize the user for API functionality.
This is not necessary when the user is admin, because admin users can access API functionality without belonging to an API user group by default.
By editing the API group permission scheme, you can assign specific rights to new users, like edit rights or read-only rights, even for specific dictionaries.