Using Access Manager
This guide walks you through how to use the Access Manager plugin in your application. It covers setup, configuration, and how the Auth and Identity services work together to handle authentication and identity management.
Typical usage
Access Manager is built to make authentication straightforward, whether you’re managing real people or system-to-system integrations. Here’s how it typically fits into your workflow.
Human access
When you’re creating the credentials for a person, you’ll usually follow these steps:
Step 1 - Check the group permissions
First, figure out what roles or permissions you want the person to have. To do so, you can list all groups available using the List Groups endpoint.
- If you want to check the details of a specific group, use the Retrieve Group details endpoint.
Step 2 - Create the user
Once you’ve got the right groups in mind, it’s time to create the user. To do so, use the Create a User endpoint.
- Add them to the correct groups during creation so they get the permissions they need from day one.
Managing Users
The following endpoints are also available for you to manage the users and their access:
- List Users - List all users created.
- Retrieve User details - Retrieve the information of a specific user.
- Delete a User - Remove a user’s access from the system.
- Update a User - Update a user’s information.
- Reset a User Password - Reset a user’s password.
- Update a User Password - Update a user’s password by providing the current password along with the new one.
Step 3 - Request a token using password
The user can now authenticate using their credentials. To do so, use the Request an Access Token endpoint and use password as the grantType. This will return an access token they can use to access your protected APIs.
- If you need to renew an expired access token, use the Refresh the Access Token endpoint.
M2M access
For system-to-system (machine-to-machine) scenarios, the flow is a little different, but just as simple.
Step 1 - Create an application
Every system or service that needs to connect via M2M must have its own application. Use the Create an Application endpoint to set up access to the Lerian application your system will talk to.
Application name
The name field must match one of Lerian’s predefined application names. Right now, the available options are:
midaz
plugin-fees
plugin-crm
plugin-smart-template
Managing Applications
The following endpoints are also available for you to manage the applications:
- List Applications - List all applications that you have created to connect with Lerian’s application using M2M credentials.
- Retrieve an Application - Retrieves detailed information about an Application.
- Delete an Application - Remove an application and its associated credentials from the system.
Step 2 - Request a token using client credentials
Once your application is set up, it can authenticate itself without a user. To do so, use the Request an Access Token endpoint and use client_credentials as the grantType. This returns a token the system can use to call APIs securely.
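An added example, not Lerian's code: it builds the request bodies for application creation and for both token flows described above, rejecting application names that are not on this page's list and masking secrets before logging. Only grantType, its two values and the name field come from this page; the credential field names (username, password, clientId, clientSecret) and the helper names are assumptions to check against the API reference.

```python
# Added example: field names other than `grantType` and `name` are assumptions.
ALLOWED_APPLICATION_NAMES = frozenset(
    {"midaz", "plugin-fees", "plugin-crm", "plugin-smart-template"}
)  # predefined names listed on this page

# Assumed credential fields per grant type (not confirmed by this page).
REQUIRED_FIELDS = {
    "password": ("username", "password"),
    "client_credentials": ("clientId", "clientSecret"),
}
SECRET_FIELDS = frozenset({"password", "clientSecret"})


def build_application_request(name: str) -> dict:
    """Body for Create an Application; rejects names the page does not list."""
    if name not in ALLOWED_APPLICATION_NAMES:
        raise ValueError(f"unknown application name: {name!r}")
    return {"name": name}


def build_token_request(grant_type: str, **credentials: str) -> dict:
    """Body for Request an Access Token, for either grant type."""
    required = REQUIRED_FIELDS.get(grant_type)
    if required is None:
        raise ValueError(f"unsupported grantType: {grant_type!r}")
    missing = [f for f in required if not credentials.get(f)]
    if missing:
        raise ValueError(f"missing fields for {grant_type}: {missing}")
    # Refuse mixed credentials, e.g. a user password sent in an M2M request.
    unexpected = sorted(set(credentials) - set(required))
    if unexpected:
        raise ValueError(f"fields not valid for {grant_type}: {unexpected}")
    return {"grantType": grant_type, **{f: credentials[f] for f in required}}


def redact(body: dict) -> dict:
    """Copy of a request body that is safe to log: secret values are masked."""
    return {k: "***" if k in SECRET_FIELDS else v for k, v in body.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(build_application_request("plugin-fees"))
    m2m = build_token_request(
        "client_credentials", clientId="example-id", clientSecret="example-secret"
    )
    print(redact(m2m))
```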
Ending user session
If you need to end a user’s session and revoke their active tokens, ensuring a secure and complete logout from the application, use the End User Session endpoint.