Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This topic demonstrates how to manually create user accounts in EmpowerID by creating

...

Info
titlePrerequisites

EmpowerID must be connected to an external account directory like Active Directory. For more information see Integrations.

...

a user account in a connected account directory (known as an account store in EmpowerID).

Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <div class = \"bd-callout bd-callout-warning\">\r\n <p><b>Prerequisites</b></p>\r\n <p>EmpowerID must be connected to the external account directory to create user accounts \r\n in the directory. For more information see <a href=\"https://dotnetworkflow.jira.com/wiki/spaces/EAGV21/pages/1446545237/Connectors+OOB\">Connectors (OOB)</a>.</p>\r\n </div>","javascript":"","css":""}
Create user accounts
...
 Code Block
languagepowershell
themeEmacs
GET-ADUser -filter {name -eq 'PatriciaCollins'}
...
  1. On the navbar, expand Identity Administration and select User Accounts.
  2. Click the Create User (Person Optional) action. 
    Image RemovedImage Added

    This opens the Create User form, which contains a number of tabs with fields for adding user account properties or attributes.
    Image Removed
    Select an account type from the Account Type drop-down. Account types can include the following:Personal StandardImage Added
  3. In the General tab of the Create User form, enter the following information:
  4. Search for and select the appropriate external directory location for the user account.
    5. Click Save to close the Location Selector.
    Image Removed
  5. Select the appropriate UPN suffix from the UPN Suffix drop-down.
  6. Optionally, type a description in the Description field and any comments in the Comments or Justification field.
  7. Optionally, if you want to join the user account to an existing EmpowerID Person, select Join Account to an Existing Person and search for and select the appropriate person.
     Info
    To see an example of joining an account to an existing person, see Creating User Accounts for People.
    To create a new EmpowerID Person from the user account, select Create a new EmpowerID Person object and select the appropriate Business Role and Location for the person. For details, expand the drop-down section.
     Rw ui expands macro Rw ui expand macro
    titleTo select the Business Role and Location
    Below Person Business Role
    • Account Creation Location – Select the directory in which to create the account
    • Usage Type – Select the type of account
      • Personal Standard – A Personal Standard account is a basic user account owned by a person for performing everyday tasks. This is the default account type.
      • Personal 
       Privileged — 
      • Privileged – A Personal Privileged account is a highly privileged user account owned by a person.
      Application — 
      • Application – An Application account is an account used by applications to access databases or other applications.
      Contact — 
      • Contact – A Contact account is an account that is used as an email contact.
      Emergency — 
      • Emergency – An Emergency account is a "break glass" usage account.
      • Service – Service 
       — Service 
      •  accounts are special types of accounts that can be used.
      • Shared 
       Mailbox — 
      • Mailbox – A Shared Mailbox account is a disabled user account required for room, equipment or shared mailboxes.
      • Shared 
       Privileged — 
      • Privileged – A Shared Privileged account is a non-personal account shared by administrative users.
      • Test 
       User — 
      • User – A Test User account is an account used for testing purposes.
       Info
      In EmpowerID, account types are simply classifications for grouping user accounts into Set Groups, reports or different Recertification policies. They do not grant access.
  8. Enter a first name and last name for the user account in the First Name and Last Name fields.
  9. Enter a display name and logon name for the user account in the Display Name and Logon Name fields. 
    10. Below Account Creation Location, click the Select a Location link and in the Location Selector that opens do the following:
    • Location – Visibility of this field depends on the type of directory selected for the account creation location; if visible, search for and select the appropriate location
    • First Name – First name of the user
    • Last Name– Last name of the user
    • Display Name– Display name of the user
    • Logon Name – Logon name of the user
    • UPN Suffix – Visibility of this field depends on the type of directory selected for the account creation location; if visible, the value should reflect the directory location selected for the user
    • Country – Country of the user (Optional)
    • Comments or Justification – Enter any appropriate comments (Optional)
    • Join Account to an Existing Person– Optional; to join the account to an existing person, search for and select that person. 
    • Create a new Person object – Optional; select this option to create a new EmpowerID Person as the owner of the user account. 
    • Select a Role and Location – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the user account. If visible, click the Select a Role and Location link 
    .In the Business Role and Location selector that appears, 
    • and then search for and select the appropriate Business Role and Location for the person. All people must belong to a role and location.

  11. Click the Location tab.
    12. Search for and select the EmpowerID Location for the person.
  12. Click Select to close the Role and Location Selector.
    13. Optionally, select 

    • Image Added
    • User Personal Email to Notify – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the account. If visible, enter an email address for EmpowerID to send a welcome email. (Optional)
    • Allow me to enter a password – Select to enter a password for the user (Optional)
    • Password – Visibility of this field depends on whether you have selected Allow me to enter a password
     if you want to set 
    • . If visible, enter the password for the user
     account.
    Selecting this option changes the form to display the Password and Confirm Password fields.
    Image Removed
    If you have opted 
    • Confirm Password – Visibility of this field depends on whether you have selected Allow me to enter a password
     for the user account, type 
    • . If visible, enter the password 
     in the Password and Confirm Password fields.
    Scroll to the Security section and select any settings you want to apply to the account. By default, Allow Joining Account to a Person and Allow Provisioning a Person from Account are selected. These two flags tell EmpowerID that during the next inventory run, it can either join the account to an existing EmpowerID Person or provision a new person for the account if one does not currently exist. If you do not want EmpowerID to take this action, clear these options.
     InfoEmpowerID determines whether to join new accounts to existing people or provision new people from those accounts based on the Join and Provision rules set for your environment. For more information on these rules, see Account Inbox Overview and Reviewing Join and Provision Rules.
    The account store must be configured to Allow Person Provisioning. If it is not, no person is provisioned for the user account.Image Removed
    • for the user
    • Disabled– Select to disable the account upon creation (Optional)
    • Allow Join– Allows the account to be joined to an existing Person; selected by default
    • Allow Provision– Allows a new Person to be provisioned from the user account; selected by default
    • Enable Sync Password – Allows password changes occurring in EmpowerID to be synced to the external directory
    • Do Not Allow Delete – Select to prevent the user account from being deleted in the EmpowerID UI (Optional)
  13. Optionally, click the Address tab and fill in the appropriate information as needed.
  14. Optionally, click the Personal tab and fill in the appropriate information as needed.
  15. When ready, click Save.
     Tip
    For immediate processing, leave Wait to See Results selected. If you clear Wait to See Results and click Submit, the process idles and EmpowerID creates a task for it, routing it to any Person with the delegations to continue creating the account.
To verify that the account was created in EmpowerID
...
To verify that the account was created in Active Directory
  1. Image Added
  2. You should see a successful execution summary message. In the below example, the message states the account and corresponding person (account owner in EmpowerID) was created. You will not see a message about a person if that option was not selected when creating the user account.
    Image Added
 Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue