Creating People
- Universal Importer for Confluence
- Kim Landis (Unlicensed)
EmpowerID provides a number of actions for creating people, with different options available for each. For example, one is the Create Person Simple Mode action. This action allows non-technical users to initiate creating a new person, requiring minimal information be supplied, such as the new person's First Name, Last Name and primary Business Role and Location. Others, such as the Create Person Advanced action, require more information and provide more configuration options for assigning the new person to one or more Management Roles and groups, as well as to provision assets such as user accounts and mailboxes when the person is created.
If the person being created is assigned to a Business Role and Location where a RET policy is in place, the person will receive all resources specified by the policy.
This topic demonstrates how to create new people using each of the available actions.
To create people in simple mode
- In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click People.
- From the Actions pane of the Find Person page, click the Create Person Simple Mode action.
This opens the Create Person Request form. - Type the first and last name of the person you are creating in the First Name and Last Name fields, respectively.
- Optionally, fill in the eMail, Personal Email and Comments or Justification fields with the appropriate information.
- Underneath Primary Business Role and Location, click the Select a Role and Location link and in the Role and Location Selector that opens do the following:
- Search for and select the appropriate Business Role for the person.
- Click the Location tab.
- Search for and select the EmpowerID Location for the person.
- Click Select to close the Role and Location Selector.
- Search for and select the appropriate Business Role for the person.
- Optionally, set a future date for the person to be created by clicking the Delay Creation Until field.
Doing so opens a calendar, from which you can specify the date and time EmpowerID is to create the person. To do so, select the appropriate month, year and day from the calendar, and then set the time by sliding the Hour and Minute markers. Once you have set the date and time, click Done to close the calendar. - Back in the main form, click Save.
To create people from orphan user accounts
- In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click People.
- From the Actions pane of the Person management page, click the Bulk Create People From Accounts action.
- In the Orphan User Accounts lookup that appears, search for the orphaned user account from which you want to create a person and tick the box to the left of the user account record in the grid.
Repeat step 3 for each person you want to create from an orphaned user account.
For immediate processing, leave Wait to See Results selected. If you clear Wait to See Results and click Submit, the process idles and EmpowerID creates a task for it, routing it to any Person with the delegations to continue moving the people.
- Click Submit.
This opens theSelect Business Role and Locationscreen, which allows you to select the Business Role and Location combination for the person you are creating. EmpowerID requires each person to have a Business Role and Location. - From the Business Role pane, search for and select the desired Business Role for the person.
- From the Location pane, search for and select the appropriate EmpowerID Location for the person.
Click Submit.
To see the Operation Execution Summary (OES) message stating whether the person was successfully created, leave Wait to See Results selected. If you clear Wait to See Results and clickSubmit, EmpowerID routes the OES to the Request Center where any Person with the delegations to create a person from an account can view and acknowledge it.
- If you left Wait to See Results selected, click OK to close the Operation Execution Summary.
To create people from file
Prerequisites
Ensure that the first row of the CSV file specifies the appropriate attributes for the user information you are importing. EmpowerID maps the attributes specified in the CSV to the corresponding Person attributes in the Identity Warehouse.
For example, the first row of the CSV used in this article contains the following values:
Name, Logon, FriendlyName and Occupation.
- In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click People.
- From the Actions pane of the Find Person page, click the Create People From File action.
This opens the Create People From File form. In the Create People From File form, do the following:
- Leave the Object Type set to Person.
Specify the delimiter used to separate the attributes of each person record in the CSV file. The default is the comma.
Ensure that your file contains no spaces between values and delimiters or the import will fail.
- Click the Choose File button and select the file containing the records from which you want to create people.
- Click the Load CSV button to load the records of the people in the CSV file. You will see Attribute Mapping drop-downs for each attribute specified in the first row of the CSV. You can have as many or as few attributes in the CSV file as needed.
Click the Attribute Mapping drop-down for each attribute of the imported records and select the appropriate EmpowerID Person property for those attributes. This ensures that the imported attributes map to the correct person properties.
For immediate processing, leave Wait to See Results selected. If you clear Wait to See Results and clickSubmit, the process idles and EmpowerID creates a task for it, routing it to any Person with the delegations to continue moving the people.
When ready, click Submit.
This opens the Select Business Role and Location screen, which allows you to select the Business Role and Location combination for the people you are creating. EmpowerID requires each person to have a Business Role and Location.
- From the Business Role pane, search for and select the desired Business Role for the people.
- From the Location pane, search for and select the appropriate EmpowerID Location for the people.
Click Submit.
To see the Operation Execution Summary (OES) message stating whether the person was successfully created, leave Wait to See Results selected. If you clear Wait to See Results and click Submit, EmpowerID routes the OES to the Request Center where any Person with the delegations to create a person from an account can view and acknowledge it.
- If you left Wait to See Results selected, click OK to close the Operation Execution Summary.
To create people advanced mode
- In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click People.
- On the Actions pane of the Find Person page, click the Create Person Advanced action.
This opens the Create Person page, which contains a number of tabs with fields for adding person properties or attributes. - On the General tab, fill in the appropriate general information for the person you are creating.
This information includes the following:- Comments or Justification - Allows you to add any comments related to creating the person.
- First Name - This specifies the first name of the person you are creating.
- Last Name - This specifies the last name of the person you are creating.
- Display Name - This specifies the name that displays to users in the Web interface.
- Login - This specifies the EmpowerID login for the person you are creating. You can enter a value or click the Login Suggestion button to the right of the field to have EmpowerID generate a value for you.
- Personal Email - This specifies the personal email address of the person, if any. If you add an email address to this field, EmpowerID will use it to send a welcome message to the person.
Primary Business Role and Location - This is for assigning the person to a primary Business Role and Location. Each person must have a primary Business Role and Location.
Secondary Business Roles - This is for assigning the person to a secondary Business Role and Location. To assign a Secondary Business Role and Location, you follow the same process used to assign a primary Business Role and Location.
Management Role to Notify - This field allows you to select a Management Role that is to be notified of the new person. To select a Management Role, type the name of the role in the field and then click the tile for that role. You can search for Management Roles by clicking in the field and pressing the ENTER key.
Manager - This field allows you to select the manager of the person being created. To select the manager, type the name of the manager in the field and then click the tile for that person If the manager has an email address, EmpowerID sends that person an email notification of the new person. Type the name of the Management Role you want to assign to the new person and then click the tile for that role. Repeat for each additional Management Role assignment.
Assets to Provision - This section of the form allows you to specify that certain IT assets be provisioned for the person. These assets can include both hard and soft assets like user accounts, Exchange mailboxes, mobile phones and laptops. To provision an asset, you tick the box to the right of the each asset the person should receive.
The assets that appear in this section of the form are linked to specificAsset TypesandAsset Requests. If you wish to provision assets for new people here, you must create these objects first. For task-based help, seeCreating Asset TypesandCreating Asset Requests.
Groups - This section of the form allows you to add the person you are creating to a group. To join the person, you tick the box to the left of the each group to which the person should belong.
By default, the groups that appear in this section—and those for which you can search—are groups that have been tagged with theOnboardingtag, as shown by the below image.
- On the Organization tab, optionally fill in the appropriate organizational information for the person you are creating. The fields available on this tab include the following:
- Title - This specifies the title of the person you are creating. This field maps to the Job Title field in Active Directory.
- Location - This specifies the location for the person you are creating.
- Department - This specifies the department of the person you are creating.
- Department Number - This specifies the department number of the person you are creating.
- Division - This specifies the division of the person you are creating.
- Company - This specifies the company of the person you are creating.
- District - This specified the district of the person you are creating.
- Office - This specifies the office of the person you are creating.
- Person Organization Status - This allows you to specify the status of the person. Options include Active, Alumni, Inactive, Intern, On Leave, Retired, Temporary and Termination Pending.
- On the Contact Information tab, optionally fill in the appropriate contact information for the person you are creating. The fields available on this tab include the following:
Business Address - This allows you to select a business address that has been previously configured in EmpowerID. The addresses that appear in the drop-down are addresses that have been added to the EmpowerID Collection of Physical Addresses. The addresses added to this collection provide an easy way for you to store address data that can be used to automatically the address fields on this form.
By default, this collection contains only one item, theDefaultPhysical Address, which simply sets the person'sNationattribute to the United States. You can expand this collection, adding as many Physical Addresses to it as needed for your organization.
- Street Address - This specifies the Street Address.
- Street Address2 - This specifies the second line of the address, which should follow standard addressing protocol.
- City - This specifies the city.
- State - This specifies the State.
- Country - This specifies the country.
- Postal Code - This specifies the code of letters and/or digits for postal delivery.
- Business Phone - This specifies the business phone number.
- Telephone - This specifies a secondary phone number for the person. This field maps to the otherTelephone field in Active Directory.
- Mobile Phone - This specifies the person's mobile phone number.
- Fax - This specifies the fax number.
- Pager - This specifies the person's pager number.
- Home Telephone - This specifies the person home phone number.
- On the Personal tab, optionally fill in the appropriate personal information for the person you are creating. The fields available on this tab include the following:
- Middle Name - This specifies the middle name of the user.
- Initials - This specifies the initials of the user. This field maps to the initials attribute in Active Directory.
- Preferred First Name - This specifies the preferred first name of the user.
- Preferred Last Name - This specifies the preferred last name of the user.
- Second Last Name - This specifies a second last name for the user, where such is used.
- Generational Suffix - This specifies a generational suffix for the user, such as "JR" or "SR." This field maps to thegenerationQualifier attribute in Active Directory.
- Birth Name - This specifies the person's given name.
- Date Of Birth - This specifies the person's date of birth.
- City Of Birth - This specifies the person city of birth.
- Country Of Birth - This specifies the person country of birth.
- Employee ID - This specifies the person's Employee ID.
- Employee ID Other - This specifies an alternative Employee ID for the person.
- Employee Type - This specifies the Employee Type.
- Expected Hire Date - This allows you to set person's hire date.
- Original Hire Date - This specifies the date of hire.
- Valid From - This allows you to set the beginning date for the person account. If this field is set, the person will not be able to log in before the specified date.
- Valid Until - This allows you to set an ending date for the person account. Typically, the value of this field flows to EmpowerID from an authoritative HR system. If you have implemented EmpowerID's planned Leaver event functionality, the value of this field triggers automated processes to disable and delete the person and all user accounts linked to the person.
- Termination Date - This specifies the date of termination for the person, if any.
- On the Advanced tab, optionally select or clear any advanced settings for the person you are creating. These settings include the following:
- Out Of Office - Specifies whether the person is out of the office. When set to true, this setting can be paired with the Approver Delegates setting. In EmpowerID, Approver Delegates are people who can approve and deny requests on behalf of another person.
- Enabled - Set to true by default, this setting enables or disables the person. Disabled people cannot log in to EmpowerID.
- Allow Login - Set to true by default, this setting allows or disallows the person to log in to EmpowerID. If you deselect this option, the person will be unable to log in to EmpowerID.
- Default Home Page - This specifies the Web page that EmpowerID directs the person to after that person has authenticated. To set the home page, specify the value in the following format: ~/Common/Pages/PageName.
For example, for the default home page to be the SSOApplications page, enter ~/Common/Pages/SSOApplications. - Logon Script - This specifies the path to the script that should be executed each time the user logs in.
- Home Directory - This specifies the home directory (UNC path) for the account you are creating.
- Disable Person Login - Only allows login using a federated account.
- Must Change Password On Next Login - Select this option to require the person to change their password the next time they log in to EmpowerID.
- Require Second Factor Authentication for LDAP - Select this option to to enforce 2nd factor authentication for users logging in using the EmpowerID Virtual Directory server. The EmpowerID Login Workflow checks this policy setting to determine if the user should be forced through the 2nd factor identification state.
- Require Second Factor Authentication for RADIUS - Select this option to to enforce 2nd factor authentication for users logging in from a RADIUS device. The EmpowerID Login Workflow checks this policy setting to determine if the user should be forced through the 2nd factor identification state.
- Disable Email Notification - Select this option to prevent EmpowerID from sending email notifications to the person.
Allow Attribute Sync - Set to true by default, this setting allows or disallows person attributes to flow from EmpowerID to any user accounts joined to the person in accordance with the Attribute Flow Rules set for each account store in which the person has an account.
For more information on Attribute Flow Rules, see Understanding Attribute Flow and Configuring Attribute Flow Rules.
- Sync Password to Accounts - Select this option to make the person's EmpowerID password the password for any user accounts they have in connected account stores.
Enable Time Constraint - Select this option to set date and time-based login parameters for the person. If selected, EmpowerID opens a date and time picker that allows you to specify the dates in which the account is valid and the times within that specified date.
- From the Extension tab, optionally fill in one or more of the Extension Attribute fields as needed. Extension attributes provide a way to enter information about the person that is not defined by default on an EmpowerID person. This information can be interacted with programmatically as needed.
- When you have completed filling in the information for the person you are creating, click the Save button.
Once EmpowerID completes the operation, the Person Details for the person appear.
Related Content