Versions Compared

Version Old Version 15 New Version Current
Changes made by

Rodolfo Melia

Rodolfo Melia

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Although each realm can have variations in what information we collect., or what authentication process is setup, there is a minimum set of recommendations that should be follow in each realm setup.

...

Field

Mandatory

Type

1

First name

Mandatory

Native to keycloak

2

Surname

Mandatory

Native to keycloak

3

Username

Mandatory

Native to keycloak

4

Email address

Mandatory

Native to keycloak.
Keycloak enforce uniqueness of email

5

Phone number

Recommended as mandatory

+CCC NNNNNNN
PENDING: can it be set as unique?

6

WhatsAppID

Optional

+CCC NNNNNNN

7

Preferred Language

Mandatory

additional field

8

User profiling
(Gender, Age, or Age range, Date of birth)

Optional

additional field

9

Type of worker

Optional

additional field
Drop down values per realm

SHOULD IDEALLY BE BASED ON AN STANDARD CLASSIFICATION

10

Employee ID

Optional

additional field

11

Health Unit

Optional

additional field
Drop down values per realm

12

City/Town

Optional

additional field
Drop down values per realm

13

SubNational L2
(rename for each realm)

Optional

additional field
Drop down values per realm

14

SubNational L1
(rename for each realm)

Optional

additional field
Drop down values per realm

Information not collected:

...

  • First Name + “.” + Last Name (rodolfo.melia)

  • Initial First Name + “.” + Last Name (r.melia)

  • Initial First Name + Last Name (rmelia)

Username verification

  • Customization of message By Realm if username is not available - possible, part of the Realm Theme

Email

  • Expected for all users. Keycloak will enforce uniqueness within the Realm.

  • For self-created accounts, users will receive an email that they need to open an visit the suggested URL for email validation.

  • For manually created account or imported accounts, email can be set to ‘verified’

...

Password recovery

always enabled (email recovery)

2FA
Status
colourGreen
titleimplemented June 2023

...

Token validity
Status
titleNOT IMPLEMENTED

Session values

- Online - 48 hrs

- Offline - 7 days

Account lockout
Status
colourGreen
titleIMPLEMENTED early aug 2023

  • after 3 attempts

  • Wait increments of 1m, up to 15m

  • auto-reset: 12 hrs.

Account Expiration Date
Status
titleNOT

...

available in keycloak

If required, an account can be schedule to expire on a given date. This is used for consultants on short term contracts.

Possible workaround:

  • Custom field with desired expiration date

  • A custom script could disable accounts passed the expiration date