User profiles

User profiles is an authoritative source of core user profile information (email, name, job title, etc.) for principals based on data from the identity provider configured for the CDF project.

User profiles are first created (usually within a few seconds) when a principal issues a request against a CDF API. We currently don't support automatic exchange of user identity information between the identity provider and CDF, but the profile data is updated regularly with the latest data from the identity provider for the principals issuing requests against a CDF API.

Note:

  • Do not use other fields than userIdentifier (e.g. email) to uniquely identify a principal. User profile data is mutable and is not guaranteed to be stable or unique (except userIdentifier).
  • Do not use user profile data for authentication or authorization purposes. It is not guaranteed to be under the strict governance necessary for that. For example, one should not use email address as proof of identity or job title to give access to resources.
  • We strongly recommend against storing any user profile data. It is intended for display purposes only and may update at any time. Clients should fetch user profile data at demand, and optionally cache for performance reasons.