keycloak-scim/docs/documentation/server_admin/topics/users/ref-personal-data-collected.adoc

// Module included in the following assemblies:
//
// server_admin/topics/users.adoc

[id="ref-personal-data-collected_{context}"]
= Personal data collected by {project_name}

By default, {project_name} collects the following data:

* Basic user profile data, such as the user email, first name, and last name.

* Basic user profile data used for social accounts and references to the social account when using a social login.

* Device information collected for audit and security purposes, such as the IP address, operating system name, and the browser name.

The information collected in {project_name} is highly customizable. The following guidelines apply when making customizations:	

* Registration and account forms can contain custom fields, such as birthday, gender, and nationality.  An administrator can configure {project_name} to retrieve data from a social provider or a user storage provider such as LDAP.

* {project_name} collects user credentials, such as password, OTP codes, and WebAuthn public keys. This information is encrypted and saved in a database, so it is not visible to {project_name} administrators. Each type of credential can include non-confidential metadata that is visible to administrators such as the algorithm that is used to hash the password and the number of hash iterations used to hash the password.	

* With authorization services and UMA support enabled, {project_name} can hold information about some objects for which a particular user is the owner.
Clean Managing Users section (#37) * Clean Managing Users section * Update user.adoc * Update text * Update text 2020-11-05 17:31:15 +00:00			`// Module included in the following assemblies:`
			`//`
			`// server_admin/topics/users.adoc`

			`[id="ref-personal-data-collected_{context}"]`
			`= Personal data collected by {project_name}`

			`By default, {project_name} collects the following data:`

			`* Basic user profile data, such as the user email, first name, and last name.`

			`* Basic user profile data used for social accounts and references to the social account when using a social login.`

			`* Device information collected for audit and security purposes, such as the IP address, operating system name, and the browser name.`

			`The information collected in {project_name} is highly customizable. The following guidelines apply when making customizations:`

			`* Registration and account forms can contain custom fields, such as birthday, gender, and nationality. An administrator can configure {project_name} to retrieve data from a social provider or a user storage provider such as LDAP.`

			`* {project_name} collects user credentials, such as password, OTP codes, and WebAuthn public keys. This information is encrypted and saved in a database, so it is not visible to {project_name} administrators. Each type of credential can include non-confidential metadata that is visible to administrators such as the algorithm that is used to hash the password and the number of hash iterations used to hash the password.`

			`* With authorization services and UMA support enabled, {project_name} can hold information about some objects for which a particular user is the owner.`