Identities/Profiles
A profile is used to authenticate a user. Each account can have one or more profiles, and each profile is identified by a unique ID in the form of a UUID.
When a profile has been imported from an external directory (Active Directory), additional fields are populated, such as:
the account external ID (usually the UPN)
the external identity public ID (for example "S-1-5-21-1346520962-2386629273-538639937-1113")
Each profile belongs to one or more user groups, and each group has a list of associated roles. The internal roles are used to grant access to certain internal Veridium resources.
Other fields:
The registration time
The status - it can be NONE, ACTIVATION_PENDING, ACTIVE, BLOCKED, BLOCKED_BY_ADMIN
The profile’s language
Display name, email, upn, domain, commonName (for example "CN=John Doe,OU=Users,OU=Dev,DC=dev,DC=local")
Storage format in Elasticsearch
In Elasticsearch, identity-related data is stored under two index aliases:
profiles - holds the current state of each account (serialized as JSON) together with a compact array of history logs.
profile_history - holds each history log of an identity in a separate document. It contains information about the action, the entire state of the identity in that moment and the set of field changes brought by that specific action.
Profiles Index
Identities are distributed across multiple indices using an Elasticsearch rollover policy that automatically creates and writes into a new index when the size of the current index exceeds 50 GB. The first index is called profiles-000001, the second profiles-000002, and so on. The first index is created manually by the ElasticSearchSettingsUpdate migration task.
A document in an identity index contains two main fields: profile (holding the current state of the identity) and actionLogs (a compact array of history logs, NOT indexed). This index is used for searching data related to the current state of identities.
The profile field contains the following searchable fields:
Field path | Functional Meaning | Mapping types | Notes | Example value
(The field paths, mapping types and example values of this table were not preserved; only the Notes column survived. It shows three mapping categories: eight fields searchable as keyword only (exact value), eight fields searchable as keyword and full text search (individual terms, partial terms, lower/upper case), and one field stored as an array of keywords.)
An example document:
{
  "id": "7ebe1a52-77ae-431c-80b4-766757ace80a",
  "profile": {
    "id": "7ebe1a52-77ae-431c-80b4-766757ace80a",
    "accountId": "b0a96555-0743-4d70-a56b-e1b32773b9ba",
    "integrationId": "d2535f4f-f510-4875-8991-55974a566a69",
    "integrationExternalId": "ADv2MultiStepEnrollment",
    "accountExternalId": "johndoe@veridiumid.com",
    "commonName": "CN=John Doe,OU=Users,OU=Dev,DC=dev,DC=local",
    "registrationTime": "2024-06-10T14:33:03.422+00:00",
    "externalIdentityId": "S-1-5-21-410015106-2063711249-828150371-1191",
    "displayName": "John Doe",
    "emailAddress": "johndoe@veridiumid.com",
    "upn": "johndoe@dev.local",
    "implicitUpn": "johndoe@dev.local",
    "domain": "dev.local",
    "phoneNumber": "+40700000001",
    "language": "en",
    "applicationId": "AD",
    "identityStatus": "NONE",
    "groups": [
      "Veridiumid_Users"
    ],
    "passwordExpirationTime": "+30828-09-14T02:48:05.477Z"
  },
  "actionLogs": [...] // NOT INDEXED
}
Profile History Index
Identity history documents are distributed across indices using a time-window pattern: one index per month, named veridium.profile_history-YYYY-MM (for example veridium.profile_history-2024-02).
The index is created automatically when the first identity history indexing request for the current month is received.
Documents are never deleted individually; only entire indices are deleted, according to the lifecycle policy.
A document in the profile history index contains searchable fields describing the action itself (actionId, type, time, location, authorAccountId, authorDeviceId). It also contains the entire state of the identity at that moment (the profile field, with the same searchable fields as above) and a searchable fieldChanges set, holding every field that changed compared to the previous version together with its previous and current value. This index is used for searching data related to specific mutations of an identity.
An example document:
{
  "id": "e96782f2-8720-4277-89b1-c34bd491ac3f",
  "actionTime": "2024-02-27T22:13:30.925+00:00",
  "actionType": "UPDATED",
  "location": {
    "ip": "79.115.63.208",
    "countryCode": "RO",
    "countryName": "Romania",
    "regionCode": "IF",
    "regionName": "Ilfov",
    "city": "Otopeni",
    "postalCode": "123456",
    "coordinates": {
      "lat": 41.23,
      "lon": 21.0123
    }
  },
  "authorAccountId": "b974def7-bdc7-4fac-b51d-33da86848387",
  "authorDeviceId": "ssp_dc1",
  "profile": {...}, // the profile state at the moment of the history event; same structure as in the table above
  "fieldChanges": {
    "emailAddress": {
      "previousValue": "email1@veridiumid.com",
      "currentValue": "email2@veridiumid.com"
    }
    // ... other field changes, if any
  }
}
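The following is an added example, not Veridium code: it derives the monthly history index name from an event's actionTime and rebuilds the fieldChanges map (previousValue/currentValue per changed field) from two consecutive profile states, then picks out the changes an auditor would review. The two profile states and the SENSITIVE_FIELDS set are constructed assumptions; field names follow the example documents above.

```python
"""Added example: history index naming and fieldChanges reconstruction
for Veridium profile_history documents (constructed sample data)."""
from datetime import datetime

# Constructed sample: two consecutive states of the same profile.
PREVIOUS = {
    "id": "7ebe1a52-77ae-431c-80b4-766757ace80a",
    "emailAddress": "email1@veridiumid.com",
    "upn": "johndoe@dev.local",
    "identityStatus": "ACTIVE",
    "groups": ["Veridiumid_Users"],
}
CURRENT = {
    "id": "7ebe1a52-77ae-431c-80b4-766757ace80a",
    "emailAddress": "email2@veridiumid.com",
    "upn": "johndoe@dev.local",
    "identityStatus": "ACTIVE",
    "groups": ["Veridiumid_Users", "Veridiumid_Admins"],
    "phoneNumber": "+40700000001",
}

# Assumption for this example: fields whose mutation deserves review,
# because they steer who the identity is and what it may access.
SENSITIVE_FIELDS = {"emailAddress", "upn", "identityStatus", "groups", "accountExternalId"}


def history_index_for(action_time: str) -> str:
    """Monthly index name (veridium.profile_history-YYYY-MM) for an actionTime."""
    ts = datetime.fromisoformat(action_time)  # e.g. 2024-02-27T22:13:30.925+00:00
    return f"veridium.profile_history-{ts:%Y-%m}"


def compute_field_changes(previous: dict, current: dict) -> dict:
    """Return {field: {"previousValue": ..., "currentValue": ...}} for every
    field whose value differs; a field added or removed gets None on one side."""
    changes = {}
    for field in sorted(set(previous) | set(current)):
        old, new = previous.get(field), current.get(field)
        if old != new:
            changes[field] = {"previousValue": old, "currentValue": new}
    return changes


def sensitive_changes(field_changes: dict) -> list:
    """Names of changed fields that fall in the sensitive set, sorted."""
    return sorted(f for f in field_changes if f in SENSITIVE_FIELDS)


if __name__ == "__main__":
    fc = compute_field_changes(PREVIOUS, CURRENT)
    print(history_index_for("2024-02-27T22:13:30.925+00:00"), fc, sensitive_changes(fc))
```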