Skip to main content

User Entity

Learn what User Entity is and what attributes it holds.

User Entity

A user entity is defined by a collection of user operational (status, identifiers, addresses and credentials) and custom attributes, which represent the unique characteristics and information associated with each individual user. These attributes play a crucial role in managing access control, personalization, and user experiences within applications and services.

User operational attributes play an important part in SecureAuth build-in flows and help supporting most common use cases in all Identity world.

User Entity

Operational Attributes

Status

status indicates state of a user entry. It can be new, active, inactive and deleted.

There is a set of common rules that are followed:

  • Only user with the new status can go through built-in Activation flow.

  • Activation flow changes the status to active.

  • Only active user can authenticate themselves.

  • Administrators can mark any user as inactive or new.

Identifiers

identifier is a key that is associated with single user and uniquely identifies it. Its main role is to be used as user identifier during authentication. Besides that, it can be used as a user key in some integration APIs and as the key to find user in user search queries. User can have any number of identifiers.

identifier has its associated type which can be email, mobile, uid or external. Type is used for validation and different types follows different rules:

  • email must follow the email format.

  • mobile must follow the e164 format.

  • uid and external may contain any ASCII character besides an empty space.

An identifier (regardless of its type) can only be assigned to a single user in population.

Addresses

address is either an email or mobile phone number that user claims they possess. User address can be used in built-in flows like Account Activation or Password Reset as the destination where the verification code or link should be delivered. User can have any number of addresses.

address has its associated type which can be email or mobile. Type is used mostly for validation and different types follow different rules:

  • email must follow the email format.

  • mobile must follow the e164 format.

address has a state verified which can eiter be true or false. There are built-in flows that mark address as verified like Account Activation and Address Verification.

There is a set of common rules that are followed:

  • verified address can only be assigned to a single user in population

  • verification of same address by other user ends up with an error.

  • any user can have any unverified address.

As verified address uniquely identifies a user in population it can be used as a user key in some integration APIs and as the key to find user in user search queries.

Credentials

credential is information or data that is used to prove user's identity. It's used during the user authentication.

credential has its associated type which can be password or webauthn.

User can have multiple credentials associated with its entry, but only one of a type.

Timestamps

There is a set of timestamps in user entry that indicates when some action has happen: created_at, updated_at and status_updated_at.

Custom attributes

Besides user operational attributes user entry may contain custom attributes. Read about Custom Attributes.

In this section: