searching for the right approach to customize the ui

This topic has 1 reply, 2 voices, and was last updated 4 years, 7 months ago by Bill Nelson.

  • Author
    Posts
  • #19838
     pryton
    Participant

    Hello guys,

    i need help to decide the best approach to customize the self service or the admin UI.
    One of the requirements is, to enable a UI for a technical user.
    This user should be more authorized then a normal user but less than a admin.

    Now the question, is it easier to add more UI feature to a normal User?
    Or would it be smarter to restrict some features of the Admin?
    Maybe even a third approach? To provide a full custom UI with only using the REST interface of IDM.

    Is there even a possibility to customize the UI this way?

    best regards

    #20317
     Bill Nelson
    Participant

    “Is there even a possibility to customize the UI this way?” – certainly, but is it worth the time/effort to do so?

    Keep in mind that the UI is not the issue, the UI is nothing more than just a pretty interface into REST API endpoints. So customizing the UI doesn’t guarantee that someone cannot simply make a direct call to an endpoint after you have spent all this time/effort modifying/creating your UI. So don’t think in terms of the UI, think in terms of endpoints and you will be much safer. Of course this means that you need to know what endpoints are called based on UI actions. ForgeRock provides some guidance on this in the Integrator’s Guide, but this is where the Google debugger becomes your friend as well.

    Once you know what endpoints you want to protect and how you want to protect (or expose) them, then you can do that in the script/access.js script. This file allows you to define which endpoints that you want to expose to managed roles (or managed users). If you take the managed roles route, one word of advice – create your managed role with a PUT (not a POST) as that allows you to define the _id of the managed role to a “friendly name” (ie. managed/role/readonly-admin versus managed/role/{java uuid}).

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?