Decoding Asgardeo User Types: A Practical Overview


If you're new to Asgardeo, you might find the user types and their related concepts a bit complex. These user classifications are essential because they help us understand how different individuals interact with the Asgardeo platform, and this, in turn, can significantly impact the way we build requirements and utilize available features. This blog serves as a valuable resource, particularly if you are endeavoring to construct business requirements based on Asgardeo or craft an architectural overview involving Asgardeo.

In this blog post, we will delve into the various perspectives from which we can define user types within Asgardeo, differentiating them accordingly. We'll explore the user landscape from business and technical viewpoints, shedding light on how these roles interact within the platform. Furthermore, we will cover another perspective (the Hierarchical Perspective) specific to the Business-to-Business (B2B) scenario.

Here's a preview of what we will cover:

1. Business Perspective:

This perspective looks at the user based on their functions in an organization. This can be achieved by making use of Asgardeo Roles:

- Organization Admins: Those responsible for managing Asgardeo within their organization.

- Developers: Individuals tasked with implementing and customizing Asgardeo for their organization. (This feature is yet to be fully realized in Asgardeo, but you can use these personas to build your stories.)

- Business Users/Consumers: The end-users who interact with Asgardeo as part of their day-to-day activities.

2. Technical Perspective: In this perspective, the emphasis is on the “identity of the user” rather than user functionality. The primary focus lies in determining whether a user is bound to a specific organization or not. This classification is an inherent feature, integral to how user identity is maintained and provisioned:

- Asgardeo Users: Those who engage directly with Asgardeo for identity management. (The "Managed by" column in the list views makes this distinction clearer.)

- Business/Organization Users: Individuals from your organization who interact with Asgardeo for authentication and identity-related purposes.

Hierarchical Perspective (B2B Scenario): In addition to the two perspectives above, in a B2B context we'll explore the following types:

- Parent Org Users (App Owners): Organizations or entities that own and operate applications within the Asgardeo ecosystem.

- Sub Org Users (Customers): External organizations or customers who interact with the parent organization's applications, often with their own set of users.

By the end of this article, you'll have a comprehensive understanding of the user types and their roles within Asgardeo, helping you navigate this dynamic platform more effectively. So, let's dive in and explore the diverse dimensions of Asgardeo's user landscape.

Please note: Within the Asgardeo Docs, terms such as “users” and “administrators” are commonly used to denote distinct types. However, the aim of this blog is to present a more versatile range of user types, exploring diverse perspectives.

Business Perspective

In the realm of identity and access management, comprehending and categorizing user types is crucial to ensure the seamless operation of platforms like Asgardeo. These user types, often referred to as personas, can be diverse and multifaceted, catering to different aspects of an organization’s dynamics. In this section, we’ll delve into the Business perspective of defining user types within Asgardeo and explore the unique roles and responsibilities associated with each.

Organization Admins (Administrators)

Organization admins play a pivotal role in managing the overall operations and infrastructure of an organization. They are often the linchpins, ensuring the smooth functioning of Asgardeo within the organization. This user type typically includes members of the infrastructure team or the primary IT support team. Their primary tasks revolve around overseeing the administrative facets of Asgardeo.

As organization admins, their responsibilities include:

  • Managing Registration Policies: Setting the ground rules for user registration.
  • Identity Management: Supervising onboarding, de-provisioning, account recovery, account management, and ensuring account security.

The admins can access Asgardeo via the Asgardeo Console (Managerial Apps) or the Asgardeo APIs.

Furthermore, organization admins can be further divided into two subcategories:

  • Collaborators: These users may be invited from other organizations, collaborating with the current organization.
  • Privileged Users: Typically, employees of the current organization who hold a certain level of privilege within the Asgardeo ecosystem.

It’s essential to note that “Owner” represents a special category within the organization admin persona.

Developers

Developers within the Asgardeo context are those individuals tasked with performing various development-related duties, such as configuring new applications and establishing connections. While they have a degree of administrative access, it’s tailored to align with their specific business roles.

As developers, their responsibilities encompass:

  • Creating and Managing Application & Identity Provider Configurations: Configuring settings and options for applications and identity providers.
  • Branding the Organization: Enhancing the organization’s brand identity within the Asgardeo environment.

Developers may include employees of the organization who are actively involved in these development tasks. Notably, Asgardeo does not currently offer this persona as an out-of-the-box (OOTB) feature, meaning organizations often tailor it to meet their unique requirements.

Business Users

Business users represent the endpoint of the identity and access management hierarchy. These individuals are the final consumers of the Asgardeo system, leveraging its features and capabilities to meet their daily operational needs. Employees or customers can fall under the category of business users, depending on the nature of the business. For example, a company providing airline ticket registration services may refer to them as “passengers.”

Key attributes of business users include:

  • Identity Management by Respective Organizations: Each business user’s identity is managed by their respective organizations, ensuring data privacy and security. The identity can also come from a federated identity provider (FIdP) such as Google or GitHub.
  • Access to Business Applications: They utilize Asgardeo to log in to essential business applications.
  • Self-Account Management: Business users have the autonomy to manage their own accounts, involving tasks such as configuring profile information, enabling multi-factor authentication (MFA) methods like TOTP, and utilizing FIDO2 security keys or biometrics.
  • Session Management: This includes the ability to view active sessions and terminate them when necessary.

With these distinctive user types defined, we’ve laid the foundation for a comprehensive understanding of how Asgardeo operates from a business perspective. In the subsequent sections, we’ll delve deeper into the technical and hierarchical perspectives, providing a holistic view of user types within the Asgardeo identity and access management ecosystem.

Technical Perspective

When it comes to identity management in Asgardeo, a technical perspective brings into focus the organization responsible for managing the identities of its users. It’s important to note that even when federated identity providers (IdPs) are employed, the connection between the IdPs and Asgardeo is typically managed by a specific Asgardeo organization.

This technical viewpoint categorizes users into two primary types:

Asgardeo Users

A Unique Identity Within the Asgardeo Platform

Asgardeo users are those whose accounts are created directly within the Asgardeo platform. These users typically register via the Asgardeo website (check it out at [1]). It’s important to highlight the uniqueness of Asgardeo user accounts: they are specific to the Asgardeo platform, allowing users to access different regions and services using the same set of credentials.

Notable aspects of Asgardeo users include:

  • Potential Asgardeo Organization: While not a strict requirement, Asgardeo users may establish their own Asgardeo organizations. Notably, all organization owners are Asgardeo users and possess full access to the resources and settings within their respective organizations.
  • Association with Existing Organizations: Asgardeo users have the flexibility to associate themselves with existing Asgardeo organizations. This association can be accomplished through a collaborator flow, enabling users to connect with and operate within these organizations. Collaborators may establish their organizations or maintain an association with existing ones.

Business Users or Organization Users

Identity Management by the Respective Organization

Business users, sometimes referred to as organization users, represent a category of users with distinct identity management processes. These users are the same as Business Users from the Business perspective. Their identities are administered by their own respective organizations. While these users are unique within their organizations or organization hierarchies, it’s important to note that different organizations can have users with identical names (e.g., a user with username “Alex” can be in Organization Alpha and Organization Beta).

Key characteristics of business users include:

  • Identity Management by the respective Organizations: The primary distinction lies in the fact that their identity is managed by their own organization. This framework ensures that user data remains siloed and secure within the respective organizations.
  • Onboarding: Depending on organizational policies, business users may be onboarded through self-registration processes. Organizations that allow self-registration provide their users with the autonomy to create their accounts. Alternatively, organization admins can take charge of onboarding business users using Asgardeo Console or SCIM2 endpoints.
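Because a username is unique only inside the organization that manages it, an application that stores per-user data has to key it on the organization as well as the username. The sketch below is an added example, not code from Asgardeo or from this post; the `Identity` fields, both store classes and the sample profiles are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    org: str       # organization that manages the account (assumed field name)
    username: str  # unique only within that organization


class UsernameKeyedProfiles:
    """Weak: keys records on username alone, so organizations collide."""

    def __init__(self):
        self._rows = {}

    def save(self, who, profile):
        self._rows[who.username] = profile

    def load(self, who):
        return self._rows.get(who.username)


class OrgScopedProfiles:
    """Corrected: keys records on (organization, username)."""

    def __init__(self):
        self._rows = {}

    @staticmethod
    def _key(who):
        # Reject a login with no organization context instead of silently
        # falling back to a username-only key.
        if not who.org or not who.username:
            raise ValueError("identity needs both organization and username")
        return (who.org, who.username)

    def save(self, who, profile):
        self._rows[self._key(who)] = profile

    def load(self, who):
        return self._rows.get(self._key(who))


def demo(store):
    """Save a profile for each Alex, then return what each one reads back."""
    alpha_alex = Identity("Organization Alpha", "Alex")  # constructed sample
    beta_alex = Identity("Organization Beta", "Alex")    # constructed sample
    store.save(alpha_alex, {"email": "alex@alpha.example"})
    store.save(beta_alex, {"email": "alex@beta.example"})
    return store.load(alpha_alex), store.load(beta_alex)


if __name__ == "__main__":
    print("username key :", demo(UsernameKeyedProfiles()))
    print("org + username:", demo(OrgScopedProfiles()))
```

With the username-only key, Organization Alpha's Alex reads back the profile written by Organization Beta's Alex; with the organization-scoped key each user sees only their own record.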

In the context of technical identity management, understanding the distinction between Asgardeo users and business users is fundamental. In the subsequent section, we will explore the hierarchical perspective, particularly relevant in business-to-business (B2B) scenarios, and how it further refines the concept of user types within Asgardeo’s identity and access management framework.

Hierarchical Perspective

The hierarchical perspective within Asgardeo comes into play specifically in the B2B (Business-to-Business) scenario, and it adds complexity by involving a group of organizations structured in a hierarchical order. Here, both the business and technical perspectives intermingle to create a unique user classification that is vital for managing such organizational structures. If you’re new to the concept of B2B in Asgardeo, I recommend referring to [2].

For simplicity, we’ll define two distinct user types unique to B2B scenarios:

Parent Org Users (App Owners)

Parent org users belong to the parent organization, which is typically the organization where the SaaS application is created or hosted. In a business context, these individuals can be referred to as service providers. Parent users are primarily responsible for creating applications and sharing them with sub-organizations within their hierarchical structure. Additionally, they have the authority to establish new sub-organizations. However, their involvement in the management of sub-organizations is contingent upon retaining administrative privileges for those sub-organizations. Each sub-organization can be independently managed by its own administrators.

Sub Org Users (Customers)

The term “sub-org users” is used broadly here to encompass all users within the sub-organizations. In the context of a two-level organization hierarchy, these users are essentially the consumers of the applications provided by the parent organization. As mentioned earlier, sub-org users have the capability to manage their own organizations and implement their unique set of policies and customizations.

This hierarchical perspective adds another layer of intricacy to Asgardeo, particularly when dealing with B2B scenarios involving a multi-organizational structure. The differentiation between parent and sub org users plays a crucial role in defining roles, responsibilities, and access rights within this hierarchical framework.

In this blog, we’ve classified Asgardeo users into distinct categories based on business, technical, and hierarchical perspectives. While this classification isn’t official, it offers a simplified framework for understanding the diverse user roles within Asgardeo. Whether you’re an organization admin, developer, business user, or part of a B2B hierarchy, this classification can help you define your requirements more clearly and make the most of Asgardeo’s capabilities.

By recognizing the various user types and their unique roles, you’ll be better prepared to navigate Asgardeo’s ecosystem, leading to more effective implementation, streamlined management, and successful achievement of your identity and access management goals.
