Views:

Related resources:

Explanation

Tutorials

Reference

Providing you are a LUSID user with sufficient privileges, you can set up a new account for a personal user in conjunction with the person for whom the account is intended. Note every user automatically gets a unique ID.

Note: If you are the LUSID domain owner, you are automatically assigned the built-in lusid-administrator role, which has all the permissions necessary to perform the operations in this article.

Once created, you should assign appropriate roles to the user to grant permissions to use LUSID in keeping with their professional responsibilities.

Using the LUSID web app 

  1. Sign in to the LUSID web app using the credentials of a LUSID administrator.
  2. From the left-hand menu, select Identity and Access > Users:
  3. On the Users dashboard, click the Create user button:
     
  4. Specify an Account type of Personal, enter a valid Email address for that person (this will be their LUSID username; it must be unique within your LUSID domain) and optionally choose a role using the Add roles button (you can also do this later):
  5. Click the Save button to send an email to complete the sign up process.

Using the Identity API

  1. Obtain an API access token.
  2. Call the Identity POST /api/users API endpoint for your LUSID domain, passing in your API access token and specifying account characteristics. Note login and emailAddress must reference the same, valid email address (this will be their LUSID username), and it must be unique within your LUSID domain. For example:
    curl -X POST "https://<your-domain>.lusid.com/identity/api/users"
       -H "Authorization: Bearer <your-access-token>"
       -H "Content-Type: application/json"
       -d '{"emailAddress":"john.doe@acme.com","firstName":"John","lastName":"Doe","login":"john.doe@acme.com","roles":[],"type":"Personal"}'
    The response contains an automatically-generated id that uniquely identifies the user:
    {
       "id": "00ubs2thwmMfDLhVN2p7",
       "emailAddress": "john.doe@acme.com",
       "login": "john.doe@acme.com",
       "firstName": "John",
       "lastName": "Doe",
       "roles": [],
       "type": "Personal",
       "status": "PROVISIONED",
       "external": false,
       ...
    }
    An email is automatically sent to complete the sign up process.

Completing the sign up process 

The person for whom the account is intended must complete the sign up process by clicking the link in the email. If they don’t receive the email, you can send it again. This person must specify a LUSID password, and set up at least one MFA factor.

Note a LUSID password must conform to the following specification: 

  • At least 12 characters
  • A lowercase letter
  • An uppercase letter
  • A number
  • A symbol
  • No parts of your username.

Note you can reset a user's password and force them to choose a new one.