CloudIO Platform
cloudio.io Version 3.0 Docs

Auto User Creation

Last updated 2 years ago

Once SSO is configured, a new user cannot access the CloudIO application, even after authenticating successfully, until a user account with the same SSO username exists in CloudIO.

You can automate user account creation in CloudIO by implementing the following cloud function under the cloudio app.

The function must be defined in the cloudio app under the Module URI create-user, and the module must export a named function createUser.

create-user function

```typescript
import { IoUserRolesEdit, NewRow } from "@cloudio-saas/datasource-types";

// `db` and `UserError` are used without an import, so they are assumed to be
// globals supplied by the CloudIO server-side script runtime.

async function createUser({ userName, displayName, emailAddress }: {
    userName: string;
    displayName: string;
    emailAddress: string;
}) {

    // validate if the userName/emailAddress is allowed to sign-in
    // (a missing emailAddress is rejected with the same UserError)
    if (!emailAddress || !emailAddress.endsWith('@example-domain.com')) {
        throw new UserError(`Email ${emailAddress} is not allowed to sign-in!`);
    }

    // roles to assign, keyed by app UID; stays empty unless one of the
    // options below is enabled
    let appRoles: Record<string, string[]> = {};

    /*
        // get all the roles by app, that are to be assigned to this userName

        // fetch from a REST API
        const resp = await db.fetch('https://get-user-roles');
        appRoles = await resp.json();

        // or fetch from a database table
        const rows = await db.executeQuery('select app_uid `appUid`, role_uid `roleUid` from approved_roles where user_name = ?', [userName]);
        appRoles = rows.reduce((pv, row) => {
            const { appUid, roleUid } = row;
            let roles = pv[appUid];
            if (!roles) {
                roles = [];
                pv[appUid] = roles;
            }
            if (!roles.includes(roleUid)) {
                roles.push(roleUid);
            }
            return pv;
        }, {} as Record<string, string[]>);

        // or hardcode it
        appRoles = {
            cloudio: ['administrator', 'developer', 'patch_administrator'],
            'my-app': ['administrator', 'developer', 'patch_administrator']
        };
    */

    // the account and its roles become active from midnight today
    const startDate = new Date();
    startDate.setHours(0, 0, 0, 0);

    // create a user account with the given userName & emailAddress
    await db.insertOne('IoUsers',
        { userName, displayName, emailAddress, startDate }
    );

    // build one role row per (app, role) pair, with seqNo in steps of 10
    let userRoles: NewRow<IoUserRolesEdit>[] = [];
    let seqNo = 0;
    const apps = Object.keys(appRoles);
    for (let i = 0; i < apps.length; i++) {
        const appUid = apps[i];
        const roleCodes = appRoles[appUid];
        roleCodes.forEach((roleUid) => {
            seqNo += 10;
            userRoles.push({
                appUid,
                userName,
                roleUid,
                seqNo,
                startDate,
            });
        });
    }

    // assign roles to the user
    await db.insertMany('IoUserRolesEdit', userRoles);
}

export { createUser };
```

Use the following patch to upload the above sample function to the cloudio app.

cloudio_create-user-fn_patch.zip (archive, 2KB)
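
The sign-in check and the role map in createUser decide who is provisioned on first SSO login and with which privileges. The following is an added example, not CloudIO's code: it parses the address and matches its domain exactly, then holds back high-privilege roles so a first sign-in cannot create an administrator. ALLOWED_DOMAINS, REVIEW_ONLY_ROLES, emailDomain, isAllowedEmail and splitRoles are hypothetical names, and treating administrator and patch_administrator as review-only is an assumption.

```typescript
// Added example. ALLOWED_DOMAINS, REVIEW_ONLY_ROLES, emailDomain,
// isAllowedEmail and splitRoles are hypothetical names, not CloudIO APIs.
const ALLOWED_DOMAINS: string[] = ['example-domain.com'];

// Assumption: these role codes (taken from the page's hardcoded sample) are
// too powerful to hand out without human review.
const REVIEW_ONLY_ROLES: string[] = ['administrator', 'patch_administrator'];

// Returns the lowercased domain, or null when the value is not a plain
// "local@domain" address (missing claim, whitespace, more than one '@').
function emailDomain(emailAddress: unknown): string | null {
    if (typeof emailAddress !== 'string') return null;
    if (!/^[^\s@<>"]+@[^\s@<>"]+$/.test(emailAddress)) return null;
    return emailAddress.slice(emailAddress.indexOf('@') + 1).toLowerCase();
}

// Exact match on the parsed domain, unlike a suffix test on the raw string.
function isAllowedEmail(emailAddress: unknown): boolean {
    const domain = emailDomain(emailAddress);
    return domain !== null && ALLOWED_DOMAINS.indexOf(domain) !== -1;
}

interface RoleSplit {
    granted: Record<string, string[]>; // safe to use as appRoles
    withheld: string[];                // "appUid:roleUid" left for an admin
}

// Splits an appRoles map into roles to insert now and roles to hold back.
function splitRoles(appRoles: Record<string, string[]>): RoleSplit {
    const result: RoleSplit = { granted: {}, withheld: [] };
    Object.keys(appRoles).forEach((appUid) => {
        const keep: string[] = [];
        appRoles[appUid].forEach((roleUid) => {
            if (REVIEW_ONLY_ROLES.indexOf(roleUid) !== -1) {
                result.withheld.push(`${appUid}:${roleUid}`);
            } else if (keep.indexOf(roleUid) === -1) {
                keep.push(roleUid);
            }
        });
        if (keep.length > 0) result.granted[appUid] = keep;
    });
    return result;
}

// Constructed sample input: the role map from the page's "hardcode it" option.
const sample = splitRoles({
    cloudio: ['administrator', 'developer', 'patch_administrator'],
    'my-app': ['administrator', 'developer', 'patch_administrator'],
});
console.log(sample.granted, sample.withheld);
```

In createUser, isAllowedEmail would run before db.insertOne, and splitRoles(appRoles).granted would feed the loop that builds userRoles, with the withheld list logged for an administrator to review.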