...

Info

The service user that until now synced changes (events) from Zitadel to Unique FinanceGPT now requires more privileges (IAM Org Owner Viewer & IAM User Manager). It must now also be able to create, modify and delete users in any organisation on Zitadel via the API (IAM User Manager), and to fetch information about organisations so that it can assign roles and IDPs to newly created users (IAM Owner Viewer).

[Zitadel] Adjusting permission of service user

  1. Log in to Zitadel with a user that has IAM Owner capabilities (instance manager).

  2. Switch to the Cluster IAM organisation at the top left.

...

  1. Switch to the instance view at the top right.

...

  1. Open the instance user management view.

...

  1. There should be a service user (robot icon) called user-sync or scope-management-user, which currently has at least the IAM Owner Viewer capability.

...

  1. Adjust the permissions of this user so that they include IAM Owner Viewer and IAM User Manager.

...

[MS Portal] Creating the SCIM Enterprise Application

...

  1. Add Configuration

  1. Fill URL and Token

...

Info

The <API-URL> is the base API URL on which the Unique FinanceGPT backend services are available. Normally it is something like https://gateway.xxx.unique.app, but it can vary, especially for customer-managed tenants.

  1. Test and create

  1. Adjust the attribute mapping

...