The User-Detail-Request and User-Detail-Response integration points, allow your organization to use an external system (such as Active Directory, an Identity Provider, or an ERP). As the Master Source of Truth for user information.
This setup centralizes user management, ensuring that when a user’s department, role, or status changes in your primary system. It is automatically reflected, in Unimarket upon their next login.
How the Integration Works
Trigger: When a user attempts to log in to Unimarket, a
user-detail-requestis sent to your external system.Validation: Your system identifies the user and prepares their current profile details.
Update: Your system sends a
user-detail-responseback to Unimarket.Overwrite: Unimarket receives the details and replaces all existing data for that user (roles, names, organization units, etc.) with the new information.
Implementation Requirements
Persistence: Since the response replaces all local data, your external system must send all required roles every time the user logs in. If a role is omitted in a new response, it will be removed from the user in Unimarket.
Organization Units: The response should also include the user's Organization Unit to ensure they are placed in the correct part of the approval hierarchy.
Identity Mapping: The
identityused in the request must match the unique identifier (e.g., username or email) used in your external system.
Key Data: Unimarket User Roles
To manage permissions externally, your system must store and pass the specific Integration Syntax for each role. Below is the complete reference of Unimarket user roles and their required integration strings:
Administration Roles
| Role Name | Integration Syntax | Definition |
|---|---|---|
| Community Administrator | COMMUNITY_ADMIN | Full community administrative privileges. |
| User Administrator | COMMUNITY_USER_ADMIN | Manage users and roles (cannot assign Community Admin role). |
| Community Management | COMMUNITY_MANAGEMENT | Manage community setup and master data. |
| Community Profile | COMMUNITY_PROFILE | Manage community branding, names, and welcome text. |
| Community Features | COMMUNITY_FEATURES | Manage preferences for checkout, ordering, and matching. |
Purchasing & Sourcing Roles
| Role Name | Integration Syntax | Definition |
|---|---|---|
| Buyer | COMMUNITY_BUYER | Shop the marketplace and create/complete requisitions. |
| Browser | COMMUNITY_BROWSER | Create requisitions and reassign them to Buyers. |
| On Behalf Of | COMMUNITY_ON_BEHALF_OF_BUYER | Create requisitions for any other user. |
| Bid Request | COMMUNITY_RFX_CREATE | Initiate RFQs, RFPs, and RFIs via the sourcing module. |
| RFQ | COMMUNITY_RFQ_CREATE | Initiate simple RFQs with suppliers. |
| Create Blanket Order | COMMUNITY_BLANKET_ORDER_CREATE | Create blanket orders for specific suppliers. |
Invoicing & Finance Roles
| Role Name | Integration Syntax | Definition |
|---|---|---|
| Create Invoices | COMMUNITY_INVOICE_CREATE | Create invoices via PO or Retrofit; force match invoices. |
| Create Buyer Invoices | COMMUNITY_INVOICE_BUYER_CREATE | Create invoices for the user's own orders only. |
| Expenses | COMMUNITY_EXPENSES | Create personal expense claims. |
| On Behalf of Receiving | COMMUNITY_ON_BEHALF_OF_RECEIVING | View and receive all community orders (Central Receiving). |
| View Transactions | COMMUNITY_TRANSACTION_VIEW | View all purchases across the entire community. |
Specialist & Support Roles
| Role Name | Integration Syntax | Definition |
|---|---|---|
| Approval Administrator | COMMUNITY_APPROVALS | Manage community approval configurations and data. |
| Escalate Approval | COMMUNITY_APPROVAL_ESCALATE | Move requisitions forward in the approval chain. |
| Contracts Administrator | CONTRACTS_ADMIN | Edit any contract without being a named member. |
| Supplier Request Admin | COMMUNITY_SUPPLIER_REQUEST_ADMIN | Manage and approve new supplier requests from users. |
| User Support | COMMUNITY_USER_SUPPORT | Switch into other users to assist without making changes. |
Implementation Rule
Crucial Logic: The
user-detail-responsemessage is destructive. If a user currently has three roles in Unimarket, but your external system only sends two in the latest response, the third role will be automatically removed.