...

▪️ Onboard Group – Wizard workflow for onboarding groups with different options for choosing group members and eligibility of pre-approved members. This workflow consists of seven steps, with two being based on the current user’s selections. These steps are configurable via workflow parameters.

Workflow Parameters
  • Group Usage Type

    • ShowGroupUsageType – Boolean value (true/false) that sets the visibility of the Group Usage Type dropdown

    • DefaultGroupUsageTypeId – Sets the default value for the Group Usage Type option list; the user needs to input a valid integer value

  • Membership Options

    • ShowMembershipOptions – Boolean value that determines the visibility of the Group Membership Options section of the workflow

    • ShowPermanentMembersOption – Boolean value that determines the visibility of the Permanent Members Option in the Group Membership Options section of the workflow

    • ShowPreApproveMembershipOptions – Boolean value that determines the visibility of the Pre-approved Members option from the Group Membership Options section of the workflow

...

▪️ Manage Your Identity Wizard – Provides a wizard with options to manage identity. This wizard workflow provides the following options for managing a user’s identity: Delete MFA device, Enroll for Q&A password reset, Change my password, Edit my profile, and Register an MFA authenticator.

▪️ Manage Account Wizard Workflow – Presents a wizard with options to manage accounts for any mailbox type (User, Shared, Room, Equipment). This workflow can update Mailbox Attributes and SMTP Addresses.

▪️ Onboard Account – Wizard workflow for onboarding person and non-person technical user accounts with options for vaulting a personal or non-personal credential for the account during the onboarding process. Contextual options are shown to the user depending on the type of account selected.

▪️ Onboard Mailbox – Wizard workflow for onboarding shared, room, or equipment mailboxes with options for publishing the mailbox in the IAM Shop, adding the mailbox to groups, configuring eligibility for requesting access to the mailbox (when published in the IAM Shop), and Access Request settings that direct the approval flow process for when users request access.

...

▪️ Onboard Credential – Wizard workflow for onboarding various types of credentials with options for configuring Access Request settings that control the check-out and check-in process as well as eligibility settings for who may request the credential from the IAM Shop. The wizard contains steps for assigning owners and deputies as well as an optional step for assigning the credential to a computer for PSM.

...

▪️ Onboard Computer – Wizard workflow for onboarding computers with options for publishing the computer in the IAM Shop, configuring eligibility for the computer (when published in the IAM Shop), configuring Access Request settings that control approval flow for the computer, as well as options for enabling Privileged Session Management (PSM) and linking PSM credentials to the computer.

...

▪️ Onboard Management Role – Wizard workflow for onboarding Management Roles with options for selecting role type, parent Management Role Definition, IAM Shop publication, and nested roles.

...

Additional Wizard Workflows

▪️ Manage Your Identity Wizard – Wizard workflow with options for users to manage various aspects of their identity, including the following:

✔️ Delete an MFA authenticator

✔️ Enroll for Q&A password reset

✔️ Manage account recovery contacts

✔️ Change their password

✔️ Edit their profile

✔️ Register an MFA authenticator

▪️ Login Assistance Wizard Workflow – Presents a wizard with options to assist a person who is having trouble logging in. This wizard workflow provides the following options to help a user log in: Send an Azure Temporary Access Pass, Send EmpowerID One-Time Password, Send magic link invitation to change password, Reset Azure MFA for a user to unblock them, Unlock person from Q&A reset, Unenroll a person from Q&A password reset, and Unlock a person and their user accounts.

▪️ Login Assistance Self-Service Wizard Workflow – Accessible by clicking the Login Assistance Workflow link on the login page, this wizard workflow helps users having the following login issues:

| Login Issue | Solution |
|---|---|
| Forgot password to Azure or are locked out of Azure | Send an Azure Temporary Access Pass (TAP) to the user |
| Forgot password to EmpowerID or are locked out of EmpowerID | Reset person and account passwords and unlock the user |
| Can no longer do MFA to Azure due to lost phone, new email address, etc. | Reset Azure MFA by unenrolling the user’s current MFA configuration in Azure |
| Can no longer do MFA to EmpowerID due to lost phone, new email address, etc. | Reset EmpowerID MFA by deleting all the user’s MFA assets and preferences |

▪️ Manage Account Wizard Workflow – Wizard workflow with options and actions for managing one or more accounts. Available actions vary depending on the selected option.

| Management Options | Management Actions |
|---|---|
| Only One Account | Add user to groups; Delete user account; Edit account attributes; Remove user from groups |
| Multiple accounts | Delete user accounts; Disable user accounts; Enable user accounts; Assign a responsible party |

▪️ Manage Mailbox Wizard Workflow – Wizard workflow with options and actions for managing one or more mailboxes. The wizard performs a live access check on the person running the workflow to display only the actions the person is authorized to perform against the selected mailboxes.

▪️ Self-Register Wizard Workflow – Accessible by clicking the Sign Up > Partner Self-Register link on the login page, this wizard workflow helps users within a partner organization register for an account in EmpowerID. This new version of the workflow includes more advanced logic to prevent duplicate signup attempts for someone who already exists in the system. It also validates the email domain and verifies that the selected OROZID exists before allowing the user to complete the self-registration process.

▪️ Create Partner Organization Workflow – Accessible by clicking the Sign Up > Partner Company Registration link on the login page, this workflow has been refactored to run through the Business Request engine. Now, when an organization seeks to register itself as a partner, the system creates a Business Request of type Onboard Partner Organization with one approval step. If approved, the system fulfills the request. To support integrating the workflow with the Business Request engine, the following new features were added:

| Feature (Type) | Name |
|---|---|
| Resource Type Operation | CreatePartner |
| Approval Flow Policy | Onboard Partner Organization Policy |
| Approval Flow Step | Provisioning Organization Approval |
| Approval Flow Policy Step | Onboard Partner Organization Policy - Provisioning Organization Approval |
| Business Request Type | Onboard Partner Organization |

New Adaptive Card Designer in Workflow Studio

...

  • Upgrade the Azure AD SCIM Microservice from .NET 5 to .NET 6

  • Improve the Azure application onboarding workflow to support additional capabilities for OIDC, Non-gallery & gallery apps

  • Added the ability to inventory Exchange Online mailbox-level permissions

Resource Admin Microservice

...