Overview
User onboardingConfigure approval strategyManage user privilegesAdvanced user account securityDeveloper Portal provides you with options to onboard users and manage their accounts. You can:
Onboard users and user groups
Configure an approval strategy to process new user sign up requests
Manage user privileges
Configure advanced security settings to protect user accounts
User onboarding
Developer Portal offers you the following options to onboard users into your portal:
Configure approval strategy
You can configure the strategy for approving user sign up requests.
It is not mandatory to specify an onboarding strategy. If you do not configure an onboarding strategy, users who sign up are directly onboarded.
For information on configuring user onboarding strategies, see Onboarding Strategy.
Manage user privileges
You can assign one of the following privileges to users and user groups:
- Administrator. Has access to all modules and they can administer Developer Portal.
- Provider. Can manage APIs and communities, and view API economy and usage dashboards.
- Partner. Can manage APIs and communities. Can publish APIs to private communities, and assign owners (users or teams) to APIs.
- Consumer. Can use API gallery, try APIs, and view API usage analytics.
When you assign a privilege to a user group, it will be applicable to all users in the group. For information on assigning or modifying user privileges, see How do I assign privileges to a user?
Advanced user account security
You can make the user accounts more secure by enabling:
Native Registration
How do I add a user?How do I add a user group?Inviting users to sign upHow do I assign privileges to a user?Disabling user registration from the Sign up pageOnboarding StrategyHow do I configure onboarding strategy to process user sign up requests?How do I configure an approval workflow to process an internal approval onboarding strategy?Approving User Onboarding RequestsNative registration process allows:
Developer Portal provides the following options for native registration:
You can disable this mode of registering new users if you want to onboard users using other modes like SSO and LDAP. For information about disabling this feature, see Disabling user registration from the Sign up page.
For information on inviting users, see Inviting users to sign up.
For information on adding users, see How do I add a user?
For information on adding user groups, see How do I add a user group?
How do I add a user?
This use case starts when you want to add a user and ends when you have added one.
In this example, you add a user, user1, include the user to the API consumer group and assign the Consumer privilege.
Before you begin
Ensure you have the API Administrator privilege.
To add a user
Click the menu options icon
from the title bar and click Manage users.Click Create user.
Provide user1 in the Username field.
This is the user name that the user must provide during sign in.
Provide user_first_name in the First name field.
Provide user_last_name in the Last name field.
Provide user@email.com in the Email field.
Provide the Password that must be used to sign in.
Select the API Consumer group.
Select the API Consumer privilege.
Click Save.
The new user appears in the Manage users screen.
Alternative steps:
In Step 8, you can add more than one group.
You can also modify the list of groups later.
In Step 9, you can select one of the following privileges based on the role of the user in your organization:
- Administrator
- Provider
- Consumer
- Partner
In addition to the privilege that you assign to users, the users will have the privileges of the selected groups assigned to them. If you select more than one group, then the highest privilege among the groups added will be applied to the user. For example, if you select API provider and API consumer groups for a user, then the user will have the API provider privilege.
Next steps:
If you are a user:
You can sign in by providing their user name and password.
You must change your password when you sign in for the first time. The password you provide by the users must abide by the password policy. For information on configuring the password policy, see How do I configure password policy?
If you are an administrator:
You can click the edit icon
next to a user to edit the user details.You can click the assign icon
next to a user to assign the user to the required groups.
How do I add a user group?
This use case starts when you want to add a user group and end when you have added one.
In this example, you add a user group, usergroup1, assign the Consumer privilege, and include the user user1 to the group.
Before you begin
Ensure you have the API Administrator privilege.
To add a user group
Click the menu options icon
from the title bar and click Manage users.Click Groups.
Click Create group.
Provide usergroup1 in the Name field.
Select the Consumer privilege.
Select user1 from the Users list.
Click Save.
The group is added.
Alternative steps:
You can add more than one user and you can also modify the list of users later.
You can select more than one privilege for the group. If you select more than one privilege, then the highest privilege will be applied to the group. For example, if you select API provider and API consumer privileges for a group, then the group will have the API provider privilege.
Next steps:
The new group appears in the Groups tab of the Manage users screen.
You can assign groups as approvers for approving user or application.
You can assign groups to the communities to allow users of the group to access the community’s assets.
Click the edit icon
next to a group to edit the user details.Click the assign icon
next to a group to assign the required users.
Inviting users to sign up
As an administrator, you can onboard users by inviting them by e-mails. Users who receive the invitation can click the link in the mail to sign up to Developer Portal.
To invite users
Click the menu options icon
from the title bar and click Manange users.Click Invite user.
Provide the e-mail addresses of the required users.
When you invite multiple users using one invite, provide an e-mail address, and provide a comma or press Enter. Repeat this step till you provide all e-mail addresses.Select the communities, and privileges that must be applied.
The selected communities and privileges are applied to the newly invited users when they are onboarded.Click Invite.
An invite mail is sent to the e-mail addresses you provided.
Next steps
How do I assign privileges to a user?
Users can perform tasks based on their privileges. You, as an administrator, can assign privileges to users when you create them. For users who are onboarded using any other method, you can edit users or user groups and assign required privileges.
When you create users from the Add user page, you can assign the required privileges. However, you must edit the details of users who sign up through native registration or SAML SSO to assign required privileges to them.
This use case starts when you assign or modify user privileges and ends when you have successfully made the changes.
Before you begin:
Ensure you have the API Administrator privilege.
To assign privileges
Click the menu options icon
from the title bar and click Administration.The list of users appears.
Click the edit icon
next to the required user.Assign or modify the privileges to the user.
You cannot modify the user privileges assigned through the groups.
Click Save.
Your changes are saved.
Next steps:
Users can perform any transactions that require the assigned privilege.
Disabling user registration from the Sign up page
You can disable signing up of new users from the Sign up page, if you want the user registration only through other modes such as SSO and LDAP registration.
To disable user registration from the Sign up page
Click the menu options icon
from the title bar and click Administration.Click General.
Turn the Enable User Registration slider off.
This is turned on by default.
Click Save.
User signing up from the Sign up page is disabled.
Onboarding Strategy
The onboarding strategy is used to specify the process to approve or reject:
You can specify any one or all of the following steps as a part of onboarding strategy:
How do I configure onboarding strategy to process user sign up requests?
Onboarding strategy determines the process that user sign up requests must undergo and it is optional. If you do not configure an onboarding strategy, then users’ sign up requests are automatically approved.
This use case starts when you want to configure onboarding process for user registration requests and ends when you have completed the configuration.
Before you begin:
Ensure that you:
To configure user onboarding strategy
Click the menu options icon
from the title bar and click Administration.Select Onboarding.
From the User onboarding section, enable any or all of the required strategies:
Internal approval. Turn on and select the required approval workflow Select a flow. For information on configuring user registration approval workflow, see How do I configure an approval workflow to process an internal approval onboarding strategy?
External approval. Turn on to enable external approval. You can notify the required external approving system by creating a webhook. For information on configuring user sign up notifications to your external approving system, see How do I configure webhooks to notify user sign up and application requests to an external approval system?
Email verification. An email is sent to the email address provided during sign up. Users must follow the steps given in the mail to get onboarded.
Use the arrow keys next to these strategies to change their order.
The strategies are followed by the order they appear.
Click Save.
The onboarding strategy is saved.
Next steps:
User sign up requests are processed based on the onboarding strategy.
How do I configure an approval workflow to process an internal approval onboarding strategy?
Within a workflow, you can specify multiple approval steps. An application is successfully registered when the request passes through the steps configured in the approval workflow. You can also modify the sequence of approval steps based on your requirement.
This use case starts when you want to configure workflow with one or more approval steps with the required approvers to approve a user or application registration request.
In this example, you create a workflow, workflow1 with user1 as first level approver, and anyone from ApproverGroup1 as second level approvers.
Before you begin:
Ensure that you have:
- List of users and user groups that you want to specify as approvers.
- API Administrator privilege.
Click the menu options icon
from the title bar and click Administration.Select Approval workflow.
Click Create approval workflow.
Provide workflow1 in the Name field.
Select User from the Approver type field.
Select user1 from the User list.
Click Add.
Select Group from the Approver type field.
Select usergroup1 from the Group list.
Select Anyone from the Approval mode field.
Click Add.
Click Save.
The approval workflow is created.
Use the move up
and move down 
icons next to approval steps to change their sequence.To specify that everyone from a group must approve the registration, select the required group and select Everyone from the Approval mode field. If you select Everyone, and if anyone in the user group rejects a request, then the request is rejected. When you reject a request, a notification e-mail is sent to the requestor as per the Approval result e-mail notification template. For more information on the e-mail notification template, see How do I configure email notification templates?
- Assign the workflow to internal approval onboarding strategy.
Click the menu options icon
from the title bar and click Pending approvals.Select User onboarding requests.
The list of onboarding requests appears.
Optional. Click a request to view more details about the request.
This screen provides information that are gathered from the users during their sign-up.
Click
next to the required onboarding request to approve the request.
A confirmation screen appears.
Provide your comments, if any in the Reason field, and click Approve.
- In Step 3, you can click
to reject the request. Provide your comments, if any and click Reject.
When you reject a user onboading request, a notification e-mail is sent to the requestor as per the Approval result e-mail notification template. If you have specified more than one approver, and if one of the approver rejects a request then the notification e-mail is sent to the requestor and the other approvers. For more information on the e-mail notification template, see How do I configure email notification templates?. - To approve or reject multiple requests listed on the Pending approvals screen, select the checkboxes next to the required requests and click Approve or Reject. The selected pending requests are approved or rejected at once.
- To approve or reject all requests, select the checkbox in the grid header and click Approve or Reject. All pending requests are approved or rejected at once.
To configure an approval workflow to process an internal approval onboarding strategy
Alternative steps:
Next steps:
Approving User Onboarding Requests
If you have configured an approval workflow for onboarding new users, then approvers can view the pending requests from the Pending approval screen, and approve or reject them. For information about configuring an approval workflow, see How do I configure an approval workflow to process an internal approval onboarding strategy?.
To configure a pending onboarding request
Alternative steps
LDAP Users and Groups Onboarding
How do I create an LDAP connection to import users from a LDAP server?How do I create an LDAP connection to import users from a secured LDAP server?How do I specify attributes for the LDAP connection established with an LDAP server?How do I import users and user groups from an LDAP server?You can add LDAP users and their associated groups as Developer Portal users. You can provide LDAP server details by creating an LDAP connection and import users and user groups from the server. You can specify multiple LDAP servers.
The high level of LDAP configuration workflow is as follows:
How do I create an LDAP connection to import users from a LDAP server?
This use case starts when you want to provide the LDAP server details and ends when you have successfully created a connection.
Before you begin
Ensure the following:
LDAP is enabled. You can enable LDAP by turning the LDAP active slider on.
Multiple LDAP integration is enabled, if you want to specify more than one LDAP server.
LDAP server details.
API Administrator privilege.
To create an LDAP connection
Click the menu options icon
from the title bar and click Administration.Select LDAP.
Click Create LDAP.
In the ID field, provide a unique ID for the LDAP connection.
Provide the Server Name, URL, Username, and Password of the LDAP server.
Based on your security requirements for the LDAP connection, enable the following checks:
Verify host names. Turn on to verify if the LDAP server host name provided matches the name in the SSL certificate Developer Portal receives from the LDAP server while establishing the connection. The LDAP connection fails if the names do not match.
Verify certificates. Turn on to verify the SSL certificates provided by LDAP server. The LDAP connection fails if invalid certificates are provided.
In the Simultaneous connections field, provide the maximum number of simultaneous connections to the same LDAP server.
Provide the Connection timeout and Read timeout values in milliseconds.
Click Save.
The LDAP connection appears in the Connections tab.
Click
of the LDAP connection to verify if Developer Portal is able to connect successfully with the LDAP server.You can import users and user groups from the LDAP connection.
Alternative steps:
Add a secured LDAP connection. For information on creating a secured LDAP connection, see How do I create an LDAP connection to import users from a secured LDAP server?
Configure the LDAP connection settings. For information on configuring the connection settings, see How do I specify attributes for the LDAP connection established with an LDAP server?.
Next steps:
- Import users or user groups from the LDAP server. For information on importing users, How do I import users and user groups from an LDAP server?.
How do I create an LDAP connection to import users from a secured LDAP server?
This use case starts when you want to provide the secured LDAP server details and ends when you have successfully created a connection.
Before you begin
Ensure the following:
LDAP is enabled. You can enable LDAP by turning the LDAP active slider on.
Multiple LDAP integration is enabled, if you want to specify more than one LDAP server.
LDAP server details.
API Administrator privilege.
To create a secured LDAP connection
Click the menu options icon
from the title bar and click Administration.Select LDAP.
Click Create LDAP.
In the ID field, provide a unique ID for the LDAP connection.
Provide the Server name, URL, Username, Password of the LDAP server.
Based on your security requirements for the LDAP connection, enable the following checks:
Verify host names. Turn on to verify if the LDAP server host name provided matches the name in the SSL certificate Developer Portal receives from the LDAP server while establishing the connection. The LDAP connection fails if the names do not match.
Verify certificates. Turn on to verify the SSL certificates provided by LDAP server. The LDAP connection fails if invalid certificates are provided.
Use SSL. Turn on to specify that the connection to the LDAP server is secure. Enable this option or use an LDAPS URL for a secure connection. When you turn this on, the SSL mode list appears.
Select the required SSL mode from the list.
In the Simultaneous connections field, provide the maximum number of simultaneous connections to the same LDAP server.
Provide the Connection timeout and Read timeout values in milliseconds.
Click Save.
The LDAP connection appears in the Connections tab.
Click
of the LDAP connection to verify if Developer Portal is able to connect successfully with the LDAP server.You can import users and user groups from the LDAP connection.
Next steps:
Import users or user groups from the LDAP server. For information on importing users, How do I import users and user groups from an LDAP server?
Configure the LDAP connection settings. For information on configuring the connection settings, see How do I specify attributes for the LDAP connection established with an LDAP server?
How do I specify attributes for the LDAP connection established with an LDAP server?
This use case starts when you have created an LDAP connection and when you want to modify or specify the attribute mappings, user attribute mappings, group attribute mappings, and behavior of the LDAP connection.
Before you begin:
Ensure that you have:
An LDAP connection.
API Administrator privilege.
To specify attributes for the LDAP connection established with an LDAP server
From the Connections tab, click the edit icon
next to the connection.Click the Attribute mappings tab.
Provide the following details:
Field Description objectClass Attribute that contains the object class. DN Fully qualified name (distinguished name). GUID Globally unique Identifier of the LDAP server. Click the User attribute mappings tab.
Provide LDAP user attributes:
Field Description Name, First name, and Last name LDAP user name, first name, and last name. E-mail address and Telephone number Email address and telephone number of the LDAP user. Picture Location of the user’s thumbnail picture. memberOf Attribute that references the groups of a user. User-defined List of LDAP attributes, separated by commas, that are to be imported as user-defined attributes of LDAP user. Click the Group attributes mappings tab.
Provide the following LDAP group attributes:
Field Description Name Group name. hasMember Attribute that references the members of a group. User-defined List of LDAP attributes, that you want to import as user-defined attributes of a group. Click the Behavior tab.
Provide the following details:
Field Description Group object class. Object class of the LDAP group. User object class Object class of the LDAP user. Search paths List of all LDAP search paths separated with semi-colons. Group search paths List of all LDAP search paths for user groups separated by semi-colons. The list provided here overwrites the list of general search paths. User search paths List of LDAP search paths for users separated using semi-colons. The list provided here overwrites the list of general search paths. Group search filter Query filter for LDAP groups. User search filter Query filter for LDAP users. Recursion depth Recursion depth that is to be used for nested groups and users. Page size Maximum number of entries that are loaded in a single LDAP query. Refferals Defines how referrals to other LDAP systems are processed. Click Save.
You have now completed providing LDAP details.
Next steps:
- Import users or user groups from the LDAP server. For information on importing users, How do I import users and user groups from an LDAP server?.
How do I import users and user groups from an LDAP server?
After creating an LDAP connection, you can import the users and user groups present in the LDAP server.
This use case begins when you have created an LDAP connection and ends when you have imported users and user groups from the specified server.
Before you begin:
Ensure that you have:
An LDAP connection.
API Administrator privilege.
To import users and user groups from an LDAP server
Click the menu options icon
from the title bar and click Manage users.Click Import LDAP users or groups.
From the list, select the LDAP connection from which you want to import.
Select one of the following:
Users. To import users from LDAP server.
Groups and associated users. To import user groups and their associated users.
In the text field, provide a value to filter users or groups, if required. Alternatively, type * to import all users or groups from the given LDAP server.
Click the right pane to preview users or groups.
Click Import.
The list of users or groups are imported to Developer Portal.
Next steps:
- Imported users can sign in to Developer Portal using their LDAP credentials.
Single Sign-On Users Onboarding
SAML SSO OnboardingHow do I onboard users using their SAML service provider credentials?How do I configure SAML settings to specify user onboarding configurations?User Onboarding using Social Media AccountHow do I onboard users using their Social media credentials?Developer Portal uses SAML protocol to allow users to sign up with one of their following credentials:
SAML Single Sign-On (SSO) identity provider accounts. The supported applications are:
Okta
PingIdentity
Azure Active Directory
Social media accounts. The supported applications are:
Facebook
Google
GitHub
The onboarding strategy determines how the sign up requests of users who sign up using their SSO credentials must be processed.
SAML SSO Onboarding
The SAML protocol is used to enable the SSO authentication. This authentication mechanism permits users to use one set of login credentials to access multiple applications. In addition to being a user-friendly option, implementing SSO makes user logins more secure as it uses SAML protocol for communication.
You can configure SAML settings and allow users to onboard using one of the following credentials:
Azure Active Directory
Okta
PingIdentity
Important
By default, the Developer Portal destination in API Gateway is configured using the pre-defined user, apigatewaysystemuser. If you configure SAML for Developer Portal sign-in, the pre-defined destination configuration does not work. Hence, if you are setting up SAML sign-in then ensure that you modify the portal destination settings in API Gateway.
The SAML authentication workflow for onboarding users is as follows:
The high level of SAML configuration workflow is as follows:
How do I onboard users using their SAML service provider credentials?
You can enable SSO using one of the following applications:
Okta
PingIdentity
Azure
This use case begins when you want to allow users to onboard using their SSO credentials and ends when you have completed the configuration.
In this example, you enable SSO for user with their Okta credentials.
Before you begin:
Ensure that you:
Enable SAML. You can enable SAML by turning the SAML active slider on.
Create an application in Okta to register the service provider application (Developer Portal) in the Okta, and keep the Identity Provider Single Sign-on URL and Identity Provider Issuer values ready. For information on creating an application in Okta, see https://developer.okta.com/docs/guides/identity-providers/.
To enable SSO onboarding using Okta credentials:
Click the menu options icon
from the title bar and click Administration.Select SAML.
Select Redirect from the Binding list.
Provide the following values copied from Okta SSO application that you created for Developer Portal:
Identity provider Id. Id of the identity provider.
Service provider Id. Id of the service provider. This must be same as the value you specify in Okta.
Single sign-on endpoint and Single logout endpoint. Endpoints that the identity provider must use to send single sign-on and logout payloads.
Click Save.
Your changes are saved.
Alternative steps:
Enable SSO to allow users to sign in to Developer Portal using their PingIdentity or Azure AD credentials.
You must create an application in Okta to register the service provider application (Developer Portal) in the required service provider and provide the Identity Provider Single Sign-on URL and Identity Provider Issuer values in the SAML section:
- For information on creating an application in Azure Active Directory, see https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.
- For information on creating an application in Azure Active Directory, see https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.
Next steps:
The Sign in with SSO button appears in the Sign in page.
User can click this button, provide their Okta credentials to sign up to Developer Portal. The sign up request goes through the onboarding strategy.
Configure advanced SAML settings. For information on configuring advanced SAML settings, How do I configure SAML settings to specify user onboarding configurations?.
How do I configure SAML settings to specify user onboarding configurations?
This use case starts when you want to configure SAML settings and ends when you have completed the configuration.
Before you begin:
Ensure you have
Enabled the SAML feature.
API Administrator privilege.
To configure SAML settings:
Click the menu options icon
from the title bar and click Administration.Select SAML.
Click the Signature tab.
Enable the following fields, if required:
Enforce signing of assertions. Turn on to specify that the SAML assertions must be signed. If this is enabled, all assertions received by the application will be signed.
Enforce signing of requests. Turn on to specify that the SAML authentication requests must be signed. If this field is enabled, all requests received by the application must be signed. Requests sent by the application are signed by the selected signature algorithm.
Enforce signing of responses. Turn on to specify whether the SAML authentication response must be signed.
Enforce signing of metadata. Turn on to specify whether the SAML metadata must be signed. If set, the service provider metadata file provided by the application is signed.
Select the required Signature algorithm from the drop-down list.
Click the Keystore tab.
Click Browse and select the SAML keystore file.
Provide the Alias name and Password required to access the keystore file in the corresponding fields.
Select the type of keystore file to be used from the Type drop-down list.
Click the Truststore tab.
Click Browse and select the SAML truststore file.
Provide the Alias name and Password required to access the truststore file in the corresponding fields.
Select the type of truststore file to be used from the Type drop-down list.
Click the User attributes tab.
Provide required values in the following fields:
Field Description First name Attribute name to be used for reading the first name from a SAML assertion. Last name Attribute name to be used for reading the last name from a SAML assertion. E-mail address Attribute name to be used for reading the email addresses from a SAML assertion. Telephone number Attribute name to be used for reading the phone numbers from a SAML assertion. memberOf Attribute that references the groups of a user. User-defined List of attributes, separated by commas, to be imported as user-defined attributes of the user. Click the Advanced settings tab.
Select Create user automatically.
A user is created automatically using the details received from assertion.
Provide information in following fields:
Field Description Login using DN Specifies whether sign in must be tried using the fully qualified name instead of the user name.
The name in the assertion is assigned as the distinguished name of the user being created.Decompose DN Specifies whether the fully qualified name is to be decomposed.
The name in the assertion is assigned as the distinguished name of the user being created only if the name is in an appropriate format.Keyword Specifies which part of the fully qualified name is to be used for login. Authentication context comparison Specifies the level of comparison that must be performed on the assertion context class against the authentication context. If this fails, the user is not authenticated. Name ID format Specifies the format in which the user ID must be saved. Clock skew (in seconds) Specifies the time offset between identity provider and service provider, in seconds. Assertions are accepted if they are received within the permitted time frame. Assertion lifetime (in seconds) Specifies the maximum lifetime of a SAML assertion, in seconds. Assertion consumer service URL Specifies the URL to which the identity provider must send the authentication response. The URL must be given in the format: http(s)://hostname/portal/rest/saml/initssoDefault tenant Specifies the default tenant that is to be used for the SAML-based login. Click Save.
You have specified SAML configuration details. Users can sign up to Developer Portal using their SSO credentials.
User Onboarding using Social Media Account
The OAuth section is used to configure onboarding using social media accounts. You can allow users to onboard using the following accounts:
Google
Facebook
GitHub
To allow users to login through these accounts, you must register an OAuth application in their corresponding sites and provide the API Key and security token details in Developer Portal.
How do I onboard users using their Social media credentials?
You can enable users to sign up using their Facebook, Google, or GitHub credentials.
This use case starts when want to allow user onboarding using their Social media account and ends when you have completed the configuration.
In this example, you enable users to sign in using their Facebook credentials.
Before you begin
Ensure that the OAuth feature is enabled.
Ensure you have registered an OAuth application in Facebook and have the API key and API secret values of the application. For information on registering an application in Facebook, see https://developers.facebook.com/docs/facebook-login/web/.
In the OAuth application that you create in Facebook, provide the Developer Portal URL in the following format:
Developer_Portal_URL/portal/rest/v1/login/callback
To enable SSO onboarding using Facebook credentials:
Click the menu options icon
from the title bar and click Administration.Select OAuth.
Select Facebook from the Providers tab.
Provide the API key and API secret values from the OAuth application registered in Facebook.
Click Save.
Your changes are saved.
Alternative steps
Enable users to use their Google or GitHub credentials to sign in to Developer Portal. You must register an OAuth application in the required social media applications and provide the API key and API secret values of the application.
For information on registering an application in Google, see https://blog.rebex.net/howto-register-gmail-oauth.
For information on registering an application in GitHub, see https://docs.github.com/en/developers/apps/creating-an-oauth-app.
Next steps
User can click this button, provide their Facebook credentials to sign up to Developer Portal.
The sign up request goes through the onboarding strategy.
Data Anonymization
How do I enable or disable automatic anonymization of deleted user data through Developer Portal UI?How do I anonymize the deleted user data using REST API?Overview
Data protection laws and regulations, such as the General Data Protection Regulation (GDPR) requires specific handling of user’s personal data, even after a user is removed. Additionally, employees or other clients with user accounts on Developer Portal may request that any user identifying information such as user name, email addresses, or client IP addresses be removed from Developer Portal.
When a user is deleted from Developer Portal, the audit events retain the information about the user, which should be deleted or anonymized.
When you anonymize user data, the corresponding user name is replaced with anonymous in all applicable instances of the UI.
You can anonymize user data automatically or manually as follows:
Automatic. From the Developer Portal UI, you can configure to anonymize user accounts automatically as and when they are deleted from Developer Portal. The automatic anonymization is enabled by default. When you delete a user account, it is automatically anonymized after a delay of two minutes.
Manual. If you do not want to automatically anonymize the deleted account, use a REST API to anonymize the required list of user accounts.
How do I enable or disable automatic anonymization of deleted user data through Developer Portal UI?
This section explains the steps to enable automatic anonymization of deleted user accounts.
To enable automatic anonymization user data using UI
Click the menu options icon
from the title bar and click Administration.Click General.
Select Enable automatic user anonymization if not selected.
This is selected by default. Clearing the check box disables automatic anonymization.
Click Save.
Your configurations are saved.
How do I anonymize the deleted user data using REST API?
This section describes the REST API used to anonymize the deleted user accounts. You can use the REST API for anonymizing user accounts in bulk.
After you delete a user account, you must wait for a minimum of ten minutes to perform anonymization. This is to ensure that the background operations related to user account removal is completed before the anonymization.
To anonymize user data using REST API
Make a REST call with the required list of user names to the following endpoint:
PUT /users/anonymize
You can provide the list of user accounts within quotes like shown here:
[“user1”,“user2”,“user3”]
The specified user accounts are anonymized.