This topic demonstrates how to manually create user accounts in EmpowerID by creating
...
Info | ||
---|---|---|
| ||
EmpowerID must be connected to an external account directory like Active Directory. For more information see Integrations. |
...
a user account in a connected account directory (known as an account store in EmpowerID).
Easy html macro | ||||
---|---|---|---|---|
| ||||
Create user accounts
...
Code Block | ||||
---|---|---|---|---|
| ||||
GET-ADUser -filter {name -eq 'PatriciaCollins'} |
...
On the navbar, expand Identity Administration and select User Accounts.
Click the Create User (Person Optional) action.
This opens the Create User form, which contains a number of tabs with fields for adding user account properties or attributes.
Select an account type from the Account Type drop-down. Account types can include the following:Personal Standard —In the General tab of the Create User form, enter the following information:
- Search for and select the appropriate external directory location for the user account. Click Save to close the Location Selector.
- Select the appropriate UPN suffix from the UPN Suffix drop-down.
- Optionally, type a description in the Description field and any comments in the Comments or Justification field.
Optionally, if you want to join the user account to an existing EmpowerID Person, select Join Account to an Existing Person and search for and select the appropriate person.
To create a new EmpowerID Person from the user account, select Create a new EmpowerID Person object and select the appropriate Business Role and Location for the person. For details, expand the drop-down section.Info To see an example of joining an account to an existing person, see Creating User Accounts for People.
Rw ui expands macro Rw ui expand macro Below Person Business Roletitle To select the Business Role and Location Account Creation Location – Select the directory in which to create the account
Usage Type – Select the type of account
Personal Standard – A Personal Standard account is a basic user account owned by a person for performing everyday tasks. This is the default account type.
Personal
Privileged – A Personal Privileged account is a highly privileged user account owned by a person.
Application – An Application account is an account used by applications to access databases or other applications.
Contact – A Contact account is an account that is used as an email contact.
Emergency – An Emergency account is a "break glass" usage account.
Service – Service
accounts are special types of accounts that can be used.
Shared
Mailbox – A Shared Mailbox account is a disabled user account required for room, equipment or shared mailboxes.
Shared
Privileged – A Shared Privileged account is a non-personal account shared by administrative users.
Test
User – A Test User account is an account used for testing purposes.
Info In EmpowerID, account types are simply classifications for grouping user accounts into Set Groups, reports or different Recertification policies. They do not grant access.
- Enter a first name and last name for the user account in the First Name and Last Name fields.
- Enter a display name and logon name for the user account in the Display Name and Logon Name fields. Below Account Creation Location, click the Select a Location link and in the Location Selector that opens do the following:
Location – Visibility of this field depends on the type of directory selected for the account creation location; if visible, search for and select the appropriate location
First Name – First name of the user
Last Name– Last name of the user
Display Name– Display name of the user
Logon Name – Logon name of the user
UPN Suffix – Visibility of this field depends on the type of directory selected for the account creation location; if visible, the value should reflect the directory location selected for the user
Country – Country of the user (Optional)
Comments or Justification – Enter any appropriate comments (Optional)
Join Account to an Existing Person– Optional; to join the account to an existing person, search for and select that person.
Create a new Person object – Optional; select this option to create a new EmpowerID Person as the owner of the user account.
Select a Role and Location – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the user account. If visible, click the Select a Role and Location link
and then search for and select the appropriate Business Role and Location for the person. All people must belong to a role and location.
- Click the Location tab. Search for and select the EmpowerID Location for the person.
- Click Select to close the Role and Location Selector. Optionally, select
User Personal Email to Notify – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the account. If visible, enter an email address for EmpowerID to send a welcome email. (Optional)
Allow me to enter a password – Select to enter a password for the user (Optional)
Password – Visibility of this field depends on whether you have selected Allow me to enter a password
. If visible, enter the password for the user
Confirm Password – Visibility of this field depends on whether you have selected Allow me to enter a password
. If visible, enter the password
for the user
Disabled– Select to disable the account upon creation (Optional)
Allow Join– Allows the account to be joined to an existing Person; selected by default
Allow Provision– Allows a new Person to be provisioned from the user account; selected by default
Enable Sync Password – Allows password changes occurring in EmpowerID to be synced to the external directory
Do Not Allow Delete – Select to prevent the user account from being deleted in the EmpowerID UI (Optional)
Optionally, click the Address tab and fill in the appropriate information as needed.
Optionally, click the Personal tab and fill in the appropriate information as needed.
When ready, click Save.
Tip For immediate processing, leave Wait to See Results selected. If you clear Wait to See Results and click Submit, the process idles and EmpowerID creates a task for it, routing it to any Person with the delegations to continue creating the account.
If you have opted
Scroll to the Security section and select any settings you want to apply to the account. By default, Allow Joining Account to a Person and Allow Provisioning a Person from Account are selected. These two flags tell EmpowerID that during the next inventory run, it can either join the account to an existing EmpowerID Person or provision a new person for the account if one does not currently exist. If you do not want EmpowerID to take this action, clear these options.
The account store must be configured to Allow Person Provisioning. If it is not, no person is provisioned for the user account.
To verify that the account was created in EmpowerID
...
To verify that the account was created in Active Directory
You should see a successful execution summary message. In the below example, the message states the account and corresponding person (account owner in EmpowerID) was created. You will not see a message about a person if that option was not selected when creating the user account.
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|