| Info |
|---|
| Replace ‘client’ and 'internal' with your agreed subdomain in any URLs on this page. |
...
IndiCater primarily uses the name claim, so please ensure this is populated with the email that the user will using SSO with.
| Info |
|---|
| Claims can be left blank, or omitted completely to use their default value. |
There are three types of user in IndiCater. External (Hospitality), HeadOffice, and Outlet. The matrix below shows which claims are required for each type of user. External users will be created by default if no additional claims are added to the default ones provided by Azure and a Hospitality outlet is present.
If claims are missing, or a hospitality outlet is not present when using the default Azure claims, then a 401 page will be shown to users trying to access the system.
Each time the user logs in, their claims are rechecked. If there is a discrepancy, it is changed to match the claims. Therefore outlets and roles can not be assigned within the system itself as they will be overridden on the next login by the values in the claims.
If the usertype claim is changed, then previous user account is archived and a new account created for them with the new user type.
Claim | Value | Required for Hospitality | Required | Required for Outlet | Default | Notes |
|---|---|---|---|---|---|---|
nameidentifier | Users Email Address | ✅ | ✅ | ✅ | ||
name | Users Email Address | ✅ | ✅ | ✅ | ||
emailaddress | Users Email Address | ✅ | ✅ | ✅ | ||
givenname | Users First Name | ✅ | ✅ | ✅ | ||
surname | Users Last Name | ✅ | ||||
ccaccess | Users Coster Centres To Access (comma separated) | ❌ | ||||
ccapprove | Users Cost Centres To Approve (comma separated) | ❌ | ✅ | ✅ | ||
company | The company id the user should have access to | ❌ | ❌ | ❌ | 1 | Can be omitted if you only have one company set up in IndiCater |
usertype | HeadOffice or Outlet | ❌ | ✅ | ✅ | External | |
| outlets | A comma seperated list of outlet ids the user should have access to. | ❌ | ❌ | ✅ | Can be omitted for headoffice users. The first outlet in the list will be the default outlet for the user and the one they are logged into on sign in. | |
| roles | A comma seperated list of role ids the user should be assigned. | ❌ | ❌ | ❌ | Default Role | Can be omitted to assign user to the default role for their user type |
Creating a new claim
When creating a new claim, the namespace should be http://schemas.xmlsoap.org/ws/2005/05/identity/claims
The source attribute should be the source of the claims value in Azure AD
Example Claim Setups
External
| Claim | Value |
|---|---|
| nameidentifier | test.user@indicater.com |
| name | test.user@indicater.com |
| emailaddress | test.user@indicater.com |
| givenname | Test |
| surname | User |
Headoffice
| Claim | Value |
|---|---|
| nameidentifier | test.user@indicater.com |
name | test.user@indicater.com |
| emailaddress | test.user@indicater.com |
| givenname | Test |
| surname | User |
| usertype | HeadOffice |
Outlet
| Claim | Value |
|---|---|
| nameidentity | test.user@indicater.com |
| name | test.user@indicater.com |
| emailaddress | test.user@indicater.com |
| givenname | Test |
| surname | User |
| usertype | Outlet |
| Outlets | 5,7,9 |
User assignment
If you are not assigning users specifically to the enterprise application, please make sure that ‘user assignment required’ field is set to ‘no’ otherwise users won’t be able to use the application. This field can be found by navigating to the enterprise application in Azure and should be under the settings blade.
...