Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This topic demonstrates how to manually create user accounts in EmpowerID by creating a user account in a connected account directory (known as an account store in EmpowerID).EmpowerID’s "Onboard Account" wizard is designed to facilitate the manual onboarding of user accounts. This comprehensive workflow integrates with EmpowerID and other connected account directories, referred to as account stores. It offers versatile options for creating new user accounts. These include accounts for individuals and technical accounts, like service accounts, that are not associated with a specific person. The wizard streamlines the onboarding process, making it more efficient and user-friendly.

In order to customize the user experience during the onboarding process, the workflow offers several adjustable parameters. This article will walk you through the steps of modifying these parameters and running the workflow.

Prerequisites

EmpowerID must be connected to the external account directory to create user accounts in the directory. For more information, see Connectors (OOB).

Insert excerpt
IL:New Resource Snippets
IL:New Resource Snippets
nameAllAccess
nopaneltrue

Procedure

Step 1 – Configure workflow parameters

The Onboard Account wizard workflow incorporates several customizable parameters that you can edit to tailor the onboarding experience to best suit your organization's needs and preferences.

Parameter

Description

Default Value

DefaultAccessRequestPolicyID

Specifies the default Access Request Policy to be selected in the drop-down in the Access Request Policy Settings step. The value set for this parameter must be the GUID for the default policy.

2156D697-42C4-45D2-9F5C-98E51DE927D1 (This is the Access Request Policy ID for the Default Access Request Policy.)

DeputyResourceTypeRoleName

Specifies the operational capabilities granted to the deputy owner of the account onboarded by the workflow.

Resource Role Assigner – Resource Role Assigners can add and remove Access Levels directly to and from the account.

OwnerResourceTypeRoleName

Specifies the operational capabilities granted to the owner of the account onboarded by the workflow.

Resource Role Assigner – Resource Role Assigners can add and remove Access Levels directly to and from the account.

To configure workflow parameters, do the following:

  1. On the navbar, expand Low Code/No Code Workflow and select Low Code Workflows.

  2. Select the Workflow tab and search for Onboard Account.

  3. Click the Display Name for the workflow.

    image-20240110-172015.pngImage Added


    This directs you to the View One page for the workflow. View One pages are designed to facilitate the viewing and management of the objects to which they correspond in EmpowerID.

    image-20240110-173212.pngImage Added
  4. On the View One page for the workflow, expand the Request Workflow Parameters accordion.

  5. Click the Edit (blue star) button for the parameter whose value you want to change.

    image-20240110-193820.pngImage Added

  6. Enter the new value for the selected parameter in the Value fieldand click Save.

    image-20240110-194003.pngImage Added

  7. Repeat for any other parameter value changes needed.

Step 2 – Run the workflow

  1. On the navbar, expand Identity Administration and select User Accounts.

  2. Click the Onboard an Account action.

    image-20240110-210841.pngImage Added


    This initiates the Onboard Account Wizard workflow, which guides you through the process of onboarding an account.

    image-20240110-211205.pngImage Added

  1. Under Request Overview, select whether the account is a person or a non-person technical account and follow the wizard to onboard the account.

Tabs macro
summary"Select whether the account is for an existing person."
defaultColor#42526e
activeColor#0052CC
width30
hoverColor#0065FF
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"Is a Person","id":"1","content":{"version":1,"type":"doc","content":[{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Select whether the account is for an existing person."}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Is a Not-Person Technical Account","id":"2","content":{"content":[{"type":"paragraph","content":[]}],"type":"doc","version":1},"icon":""}]
Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<script src=\"https://kit.fontawesome.com/59759af5bf.js\" crossorigin=\"anonymous\"></script>\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none none none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n \r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: gray\r\n}\r\n.nav-link.active {\r\n background: ghostwhite !important;\r\n color: blue !important;\r\n \r\n}\r\n.tab-content {\r\n background: ghostwhite;\r\n margin-top: -16px;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#simple\" type=\"button\" role=\"tab\"><i class=\"fa-sharp fa-solid fa-person-simple\"></i> Is a Person</button>\r\n <div class = \"bd-callout bd-callout-warning\">\r\n <p><b>Prerequisites</b></p>\r\n <p>EmpowerID must be connected to the external account directory to create user accounts \r\n in the directory. For more information see <a href=\"https://dotnetworkflow.jira.com/wiki/spaces/EAGV21/pages/1446545237/Connectors+OOB\">Connectors (OOB)</a>.</p>\r\n </div>","javascript":"","css":""}

...

Create user accounts

...

On the navbar, expand Identity Administration and select User Accounts.

Click the Create User (Person Optional) action.

...

</li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#advanced\" type=\"button\" role=\"tab\"><i class=\"fa-sharp fa-solid fa-user-gear\"></i> Is a Non-Person Technical Account</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"simple\" role=\"tabpanel\">\r\n <ol>\r\n <li>Select <b>Simple Mode</b> and click <b>Next</b>.</li>\r\n <p><img src=\"https://docs.empowerID.com/assets/img/confluence/People Actions/OnboardWizardSelectSimpleMode.png\" style=\"padding: 10px;max-height: 300px\"/></p>\r\n <li>Enter the following information in the form:</li>\r\n <ul>\r\n <li>First Name &ndash; First name of the person</li>\r\n <li>Last Name &ndash; Last name of the person</li>\r\n <li>Email &ndash; Email address for the person (Optional)</li>\r\n <li>Personal Email &ndash; Personal email address for the person (Optional). If you add an email address to this field, EmpowerID will use it to send a welcome message to the person.</li>\r\n <li>Primary Role and Location &ndash; Click <b>Select a Role and Location</b> and then do the following:</li>\r\n <ul>\r\n <li>Search for and select a Business Role from the <b>Business Role tree</b></li>\r\n <li>Click the <b>Location</b> link and then search for and select a location from the <b>Location tree</b></li>\r\n <li>Click <b>Select</b> to select the Business Role and Location</li>\r\n </ul>\r\n <li>Manager &ndash; Manager of the person (Optional)</li>\r\n </ul>\r\n <li>Click <b>Next</b> to proceed to the next step.</li>\r\n <li>Review the summarized person details and click <b>Submit</b> when ready to onboard the person.</li> \r\n <p><img src=\"https://docs.empowerID.com/assets/img/confluence/People Actions/SimpleModeFormSubmit.png\" style=\"padding: 10px;max-height: 300px\"/></p> \r\n \r\n </ol> \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"advanced\" role=\"tabpanel\">\r\n <ol>\r\n <li>Select <b>Advanced Mode</b> and then select the following <b>Advanced Options</b>:</li> \r\n <ul>\r\n <li>Do you want to Auto-Generate a Password? Yes or No</li>\r\n <li>Do you want to Assign Management Role Bundle Memberships? Yes or No. <em>Please note that you must have access to add the person to the selected role bundles.</em></li>\r\n <li>Do you want to Assign Pre-Approved Management Roles? Yes or No. <em>Please note that you must have access to add the person to the selected roles.</em></li>\r\n <li>Do you want to Assign Group Memberships? Yes or No. <em>Please note that you must have access to add the person to the selected groups.</em></li>\r\n <li>Do you want to Assign Secondary Role and Locations? Yes or No\r\n </ul>\r\n <li>Click <b>Next</b>.</li>\r\n <li>On the <b>Person</b> tab, fill in the general identity information for the person.</li>\r\n <br />\r\n <h5>Person General Details</h5>\r\n <ul>\r\n <li>First Name &ndash; First name of the person</li>\r\n <li>Initials &ndash; Initials of the person (Optional)</li>\r\n <li>Last Name &ndash; Last name of the person</li>\r\n <li>Display Name &ndash; Name of the person that displays to users in the Web interface</li>\r\n <li>Login &ndash; EmpowerID login for the person</li>\r\n <li>Email &ndash; Email address for the person (Optional)</li>\r\n <li>Personal Email &ndash; Personal email address for the person (Optional). If you add an email address to this field, EmpowerID will use it to send a welcome message to the person.</li>\r\n <li>Primary Business Role and Location &ndash; Click <b>Select a Role and Location</b> and then do the following:</li>\r\n <ul>\r\n <li>Search for and select a Business Role from the <b>Business Role tree</b></li>\r\n <li>Click the <b>Location</b> link and then search for and select a location from the <b>Location tree</b></li>\r\n <li>Click <b>Select</b> to select the Business Role and Location</li>\r\n </ul>\r\n <li>Manager &ndash; Manager of the person (Optional). <em>If the manager has an email address registered in the system, EmpowerID sends that person an email notification of the new person. </em></li>\r\n </ul>\r\n <br />\r\n <h5>Person Password</h5>\r\n <p>This section of the form appears when you have opted to <b>not</b> have the system generate a password for the person.</p>\r\n <ul>\r\n <li>Password &ndash; Password for the person</li>\r\n <li>Confirm Password &ndash; Password for the person</li>\r\n </ul>\r\n <br />\r\n <h5>About Person</h5> \r\n <ul> \r\n <li>Personal Email &ndash; Personal email address for the person (Optional). If you add an email address to this field, EmpowerID will use it to send a welcome message to the person.</li>\r\n <li>Preferred Language &ndash; Allows you to select the language the person prefers. When selected the EmpowerID user interfaces reflect the selected preferred language for the person. If no selection is made, the system selects the default preferred language based on the locale of the person.</li>\r\n <li>Notes &ndash; Notes about the person (optional)</li>\r\n <li>About me &ndash; Can be used to provide contextual information about the person, such as their hobbies and interests (Optional)</li>\r\n </ul>\r\n <li>Optionally, select the <b>Organization</b> tab and fill in the appropriate information for the person.</li>\r\n <br />\r\n <h5>Organization Information</h5> \r\n <ul> \r\n <li>Title &ndash; Person's title</li>\r\n <li>Office &ndash; Person's office</li>\r\n <li>Location &ndash; Person's location</li>\r\n <li>Department &ndash; Person's department</li>\r\n <li>Division &ndash; Person's division</li>\r\n <li>District &ndash; Person's district</li>\r\n <li>Company &ndash; Person's company</li>\r\n </ul>\r\n <br />\r\n <h5>Address and Phone Numbers</h5>\r\n <ul> \r\n <li>Street Address &ndash; Person's street address</li>\r\n <li>Street Address 2 &ndash; Second line of the person's street address</li>\r\n <li>City &ndash; Person's location</li>\r\n <li>State &ndash; Person's state</li>\r\n <li>Province &ndash; Person's province</li>\r\n <li>Country &ndash; Person's country</li> \r\n <li>Postal Code &ndash; Code of letters and/or digits for postal delivery to the person</li>\r\n <li>Telephone &ndash; Person's secondary phone number</li>\r\n <li>Business Phone &ndash; Person business phone number</li>\r\n <li>Mobile Phone Provider &ndash; Person's mobile phone provider</li>\r\n <li>Fax &ndash; Person's fax number</li>\r\n </ul>\r\n <li>Optionally, select the <b>Advanced</b> tab and fill in the appropriate information for the person.</li>\r\n <ul>\r\n <li>Enabled &ndash; Selected by default; deselect if the person account should be disabled from logging in to the system.</li>\r\n <li>Disable Notifications &ndash; Select this option if the person should not receive email notifications from the system.</li>\r\n <li>Allow Attribute Sync &ndash; Selected by default; deselect if the person’s attributes should be synced with user accounts in systems managed by EmpowerID.</li>\r\n <li>Allow Login &ndash; Enabled by default; deselect if the person should not be allowed to log in to the system.</li>\r\n <li>Must Change Password on Next Login &ndash; Select to force the person to change their password when they log in to the system.</li>\r\n </ul>\r\n <li>Click <b>Next</b>.</li>\r\n <li>If you opted to assign pre-approved Management Roles, search for and select the appropriate Management Roles and click <b>Next</b>. If you do not want to select role bundles at this time, click <b>Skip</b>.</li>\r\n <p><img src=\"https://docs.empowerID.com/assets/img/confluence/People Actions/OnboardWizardSelectManagementRoleBundles.png\" style=\"padding: 10px;max-height: 300px\"/></p>\r\n <li>If you opted to select Management Role Bundle Memberships, search for and select the appropriate Management Roles and click <b>Next</b>. If you do not want to select pre-approved roles at this time, click <b>Skip</b>.</li>\r\n <li>If you opted to select group memberships, search for and select the appropriate groups and click <b>Next</b>. If you do not want to select groups at this time, click <b>Skip</b>.</li>\r\n <p><img src=\"https://docs.empowerID.com/assets/img/confluence/People Actions/OnboardWizardSelectGroupMemberships.png\" style=\"padding: 10px;max-height: 300px\"/></p>\r\n <li>Review the summary and click <b>Submit</b> to onboard the person. <br />If you do not want to onboard the person, click <b>Cancel</b>.</li>\r\n \r\n </ol> \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"another\" role=\"tabpanel\">\r\n <ol>\r\n <li>Select <b>From Another Person</b> and click <b>Next</b>.</li>\r\n <p><img src=\"https://docs.empowerID.com/assets/img/confluence/People Actions/OnboardWizardSelectFromAnotherPerson.png\" style=\"padding: 10px;max-height: 300px\"/></p>\r\n <li>Search for and select the person you want to use as a template for the new person and click <b>Next</b>.</li>\r\n <p><img src=\"https://docs.empowerID.com/assets/img/confluence/People Actions/OnboardWizardSelectFromAnotherPersonSelectPerson.png\" style=\"padding: 10px;max-height: 300px\"/></p>\r\n <li>On the <b>Person</b> tab, fill in the general identity information for the person.</li>\r\n <br />\r\n <h5>Person General Details</h5>\r\n <ul>\r\n <li>First Name &ndash; First name of the person</li>\r\n <li>Initials &ndash; Initials of the person (Optional)</li>\r\n <li>Last Name &ndash; Last name of the person</li>\r\n <li>Display Name &ndash; Name of the person that displays to users in the Web interface</li>\r\n <li>Login &ndash; EmpowerID login for the person</li>\r\n <li>Email &ndash; Email address for the person (Optional)</li>\r\n <li>Primary Business Role and Location &ndash; Click <b>Select a Role and Location</b> and then do the following:</li>\r\n <ul>\r\n <li>Search for and select a Business Role from the <b>Business Role tree</b></li>\r\n <li>Click the <b>Location</b> link and then search for and select a location from the <b>Location tree</b></li>\r\n <li>Click <b>Select</b> to select the Business Role and Location</li>\r\n </ul>\r\n <li>Manager &ndash; Manager of the person (Optional). <em>If the manager has an email address registered in the system, EmpowerID sends that person an email notification of the new person. </em></li>\r\n </ul>\r\n <br />\r\n <h5>Person Password</h5>\r\n <p>This section of the form appears when you have opted to <b>not</b> have the system generate a password for the person.</p>\r\n <ul>\r\n <li>Password &ndash; Password for the person</li>\r\n <li>Confirm Password &ndash; Password for the person</li>\r\n </ul>\r\n <br />\r\n <h5>About Person</h5> \r\n <ul> \r\n <li>Personal Email &ndash; Personal email address for the person (Optional). If you add an email address to this field, EmpowerID will use it to send a welcome message to the person.</li>\r\n <li>Preferred Language &ndash; Allows you to select the language the person prefers. When selected the EmpowerID user interfaces reflect the selected preferred language for the person. If no selection is made, the system selects the default preferred language based on the locale of the person.</li>\r\n <li>Notes &ndash; Notes about the person (optional)</li>\r\n <li>About me &ndash; Can be used to provide contextual information about the person, such as their hobbies and interests (Optional)</li>\r\n </ul>\r\n <li>Optionally, select the <b>Organization</b> tab and fill in the appropriate information for the person.</li>\r\n <br />\r\n <h5>Organization Information</h5> \r\n <ul> \r\n <li>Title&ndash; Person's title</li>\r\n <li>Office &ndash; Person's office</li>\r\n <li>Location &ndash; Person's location</li>\r\n <li>Department &ndash; Person's department</li>\r\n <li>Division &ndash; Person's division</li>\r\n <li>District &ndash; Person's district</li>\r\n <li>Company &ndash; Person's company</li>\r\n </ul>\r\n <br />\r\n <h5>Address and Phone Numbers</h5>\r\n <ul> \r\n <li>Street Address &ndash; Person's street address</li>\r\n <li>Street Address 2 &ndash; Second line of the person's street address</li>\r\n <li>City &ndash; Person's location</li>\r\n <li>State &ndash; Person's state</li>\r\n <li>Province &ndash; Person's province</li>\r\n <li>Country &ndash; Person's country</li> \r\n <li>Postal Code &ndash; Code of letters and/or digits for postal delivery to the person</li>\r\n <li>Telephone &ndash; Person's secondary phone number</li>\r\n <li>Business Phone &ndash; Person business phone number</li>\r\n <li>Mobile Phone Provider &ndash; Person's mobile phone provider</li>\r\n <li>Fax &ndash; Person's fax number</li>\r\n </ul>\r\n <li>Optionally, select the <b>Advanced</b> tab and fill in the appropriate information for the person.</li>\r\n <ul>\r\n <li>Enabled &ndash; Selected by default; deselect if the person account should be disabled from logging in to the system.</li>\r\n <li>Disable Notifications &ndash; Select this option if the person should not receive email notifications from the system.</li>\r\n <li>Allow Attribute Sync &ndash; Selected by default; deselect if the person’s attributes should be synced with user accounts in systems managed by EmpowerID.</li>\r\n <li>Allow Login &ndash; Enabled by default; deselect if the person should not be allowed to log in to the system.</li>\r\n <li>Must Change Password on Next Login &ndash; Select to force the person to change their password when they log in to the system.</li>\r\n </ul>\r\n <li>Click <b>Next</b>.</li>\r\n <li>Optionally, search for and select the appropriate Management Roles to assign to the person and click <b>Next</b>.</li>\r\n <li>Optionally, search for and select the appropriate group memberships for the person and click <b>Next</b>.</li>\r\n <li>Review the summary information for the person and click <b>Submit</b> to onboard the person. If you do not want to onboard the person, click <b>Cancel</b> to exit the workflow.</li>\r\n </ol> \r\n </div> \r\n</div>\r\n","javascript":"","css":""}
  1. In the General tab of the Create User form, enter the following information:

    • Account Creation Location – Select the directory in which to create the account

    • Usage Type – Select the type of account

      • Personal Standard – A Personal Standard account is a basic user account owned by a person for performing everyday tasks. This is the default account type.

      • Personal Privileged – A Personal Privileged account is a highly privileged user account owned by a person.

      • Application – An Application account is an account used by applications to access databases or other applications.

      • Contact – A Contact account is an account that is used as an email contact.

      • Emergency – An Emergency account is a "break glass" usage account.

      • Service – Service accounts are special types of accounts that can be used.

      • Shared Mailbox – A Shared Mailbox account is a disabled user account required for room, equipment or shared mailboxes.

      • Shared Privileged – A Shared Privileged account is a non-personal account shared by administrative users.

      • Test User – A Test User account is an account used for testing purposes.

    • Location – Visibility of this field depends on the type of directory selected for the account creation location; if visible, search for and select the appropriate location

    • First Name – First name of the user

    • Last Name– Last name of the user

    • Display Name– Display name of the user

    • Logon Name – Logon name of the user

    • UPN Suffix – Visibility of this field depends on the type of directory selected for the account creation location; if visible, the value should reflect the directory location selected for the user

    • Country – Country of the user (Optional)

    • Comments or Justification – Enter any appropriate comments (Optional)

    • Join Account to an Existing Person– Optional; to join the account to an existing person, search for and select that person.

    • Create a new Person object – Optional; select this option to create a new EmpowerID Person as the owner of the user account.

    • Select a Role and Location – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the user account. If visible, click the Select a Role and Location link and then search for and select the appropriate Business Role and Location for the person. All people must belong to a role and location.

      Image Modified

    • User Personal Email to Notify – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the account. If visible, enter an email address for EmpowerID to send a welcome email. (Optional)

    • Allow me to enter a password – Select to enter a password for the user (Optional)

    • Password – Visibility of this field depends on whether you have selected Allow me to enter a password. If visible, enter the password for the user

    • Confirm Password – Visibility of this field depends on whether you have selected Allow me to enter a password. If visible, enter the password for the user

    • Disabled– Select to disable the account upon creation (Optional)

    • Allow Join– Allows the account to be joined to an existing Person; selected by default

    • Allow Provision– Allows a new Person to be provisioned from the user account; selected by default

    • Enable Sync Password – Allows password changes occurring in EmpowerID to be synced to the external directory

    • Do Not Allow Delete – Select to prevent the user account from being deleted in the EmpowerID UI (Optional)

  2. Optionally, click the Address tab and fill in the appropriate information as needed.

  3. Optionally, click the Personal tab and fill in the appropriate information as needed.

  4. When ready, click Save.

    Image Modified

  5. You should see a successful execution summary message. In the below example, the message states the account and corresponding person (account owner in EmpowerID) was created. You will not see a message about a person if that option was not selected when creating the user account.

    Image Modified

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue