Skip to main content

User profile

User Profile

Overview

Your user, whatever type it might be, is represented by a user profile. To read on how user profile works within Hii Retail, see User profiles.

Your profile in IAM system is automatically created when your user is, and is automatically kept up to date on each login.

User Profile ID

User Profile ID is the main identification for you in the IAM system (and other HiiRetail systems). Using this ID you can access any other data specific to your profile. Your user identifier is created using the following:

lowercase(sha256(subject + issuer + tenantId))

  • The subject is obtained from sub claim in the IAM token.
  • The issuer is the Issuer of the user token. This is usually the iss claim in the token.
  • The tenantId is the Tenant ID of your tenant.

You can also fetch the ID from UI on your profile page.

Attributes in User Profile

IAM saves the attributes from federated system (e.g. Azure AD, Google) inside your user profile, as well as other info from the user token. Using your profile ID you can access these attributes:

GET 'https://user-profiles.retailsvc.com/api/v1/tenants/<tenant-id>/systems/identity-and-access-management/users/<user-profile-id>'

{
  "meta": {
    "created": "2021-10-12T14:04:45.822Z",
    "lastModified": "2023-06-14T08:28:37.574Z",
    "version": "\"14b-rjlpLstYGIhEhI95QMhA/1eGy3I\""
  },
  "id": "d232e6518ede9352a7443ad49ebad12a48b36c7a02ebb5b229ce2797dc256dcd", // user profile id
  "userType": "Staff",
  "tenantId": "CIR7nQwtS0rA6t0S6ejd",
  "systemId": "identity-and-access-management",
  "displayName": {
    "value": "Vladyslav Bushynskyi"
  },
  "phoneNumbers": [],
  "addresses": [],
  "emails": [
    {
      "primary": true,
      "value": "vladyslav.bushynskyi.ext@extendaretail.com"
    }
  ],
  "externalId": "1234567890", // from token's externalId claim
  "idProviderRefs": [ // from token's idp claim
    {
      "providerId": "oidc.wbchz", // provider id
      "subject": "112653349528581589885", // from original provider's token's sub claim
      "issuer": "https://accounts.google.com" // from original provider's token's iss claim
    }
  ]
}

If your user is a Standalone user, then the externalId and idProviderRefs will be empty, but you can manually add them if you have the required permissions.

IAM internal user ID

You also have an internal user ID in IAM system. This ID is used to identify you in IAM API if you need it. You can find this ID in your profile page in UI. This same ID can be found in the sub or user_id claim of your user token.