Onboarding a user

Individuals who would like to access the Composer or GraphQL API at / will need to be granted access via Verified Orchestration enterprise application user roles.

We recommend creating Microsoft Entra ID groups mapped to each Verified Orchestration user role. Users can then be added to one or more groups, according to the tasks they would like to carry out on the platform.

A tenant administrator can set up group-to-role mapping and add/remove users from the groups.

Reader

User role: VerifiableCredential.Reader

Permissions:

  • view templates
  • view credentials
  • view issuances
  • view presentations
  • view identities
  • view partners
  • view authentication clients

Issuer

User role: VerifiableCredential.Issuer

Permissions:

  • all the permissions of the Reader role, and
  • create identity
  • update identity
  • issue credential
  • create remote issuances
  • view and filter the list of remote issuances
  • view remote issuance details
  • update contact details for pending remote issuances
  • resend remote issuance notifications
  • cancel pending remote issuances
  • upload CSV files to create remote issuances

Credential admin

User role: VerifiableCredential.CredentialAdmin

Permissions:

  • all the permissions of the Reader role, and
  • create template
  • edit template
  • delete template
  • create contract
  • edit contract
  • delete contract
  • publish contract
  • deprecate contract
  • create identity
  • update identity
  • revoke issuances

Partner admin

User role: VerifiableCredential.PartnerAdmin

Permissions:

  • all the permissions of the Reader role, and
  • find authorities / issuers in verifiable credentials network
  • find contracts / credentials in verifiable credentials network
  • add partner
  • edit partner

Approval request admin

User role: VerifiableCredential.ApprovalRequestAdmin

Permissions:

  • all the permissions of the Reader role, and
  • view and filter the list of approval requests
  • view approval request details including actioned approval data
  • cancel pending approval requests

OIDC admin

User role: VerifiableCredential.OidcAdmin

Permissions:

  • all the permissions of the Reader role, and
  • add, edit and delete authentication clients
  • add, edit and delete authentication resources

Instance admin

User role: VerifiableCredential.InstanceAdmin

Permissions:

  • all the permissions of the Reader role, and
  • modify Concierge branding
  • modify instance configuration