Login / Single Sign-On
For e-Spirit customers, your backoffice users will be authenticated against e-Spirit's OpenID Connect based SSO mechanism. In this case Pinuts will take care that your UM instance is correctly connected to the same OpenID Connect provider your FirstSpirit is connected to.
Each OpenID Connect user needs to have at least one of the following roles from each of the two categories below to be able to login to UM’s backoffice GUI.
UM user role |
|
---|---|
| User has limited permissions in UM backoffice GUI: UM admin role |
| User has super-user (= unlimited) permissions in UM backoffice GUI |
UM instance |
|
| User has access to TEST UM instance |
| User has access to STAGING UM instance |
| User has access to PROD UM instance |
Upon first UM login of any OpenID Connect user a shadow user entry (entrytype=”admin”
) will be created that reflects the current user information including login name, firstname, lastname, email and role. This shadow user entry can then be edited by any UM admin user to modify the user’s name or UM admin role or any other personal information. On subsequent logins the information from the shadow user entry will be used and thus overrides settings from OpenID Connect.