You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Create People
EmpowerID provides a number of actions for creating people, with different options available for each. For example, one is the Create Person Simple Mode action. This action allows non-technical users to initiate creating a new person, requiring minimal information be supplied, such as the new person's First Name, Last Name, and primary Business Role and Location. Others, such as the Create Person Advanced action, require more information and provide more configuration options for assigning the new person to one or more Management Roles and groups, as well as to provision assets such as user accounts and mailboxes when the person is created.
Create People Simple Mode
On the navbar, expand Identity Administration and select People.
In the Actions pane of the Find Person page, click the Create Person Simple Mode action.
Enter the following information in the Create Person Request form:
First Name – First name of the person
Last Name – Last name of the person
Email – Email address for the person (Optional)
Personal Email – Personal email address for the person (Optional)
Primary Role and Location – Click Select a Role and Location and then do the following:
Search for and select a Business Role from the Business Role tree
Click the Location link and then search for and select a location from the Location tree
Click Select to select the Business Role and Location
Manager – Manager of the person (Optional)
Comments or Justification – Comments or justification for creating the person (Optional)
Delay Creation Until – Click the field and select the desired date and time to create the person from the calendar (Optional)
When ready, click Save to commit the request.
Create People from Accounts
On the navbar, expand Identity Administration and select People.
In the Actions pane of the Find Person page, click the Bulk Create People From Accounts action.
In the Orphan User Accounts lookup that appears, search for the orphaned user account from which you want to create a person and check the box to the left of the user account record in the grid.
Repeat step 3 for each person you want to create from an orphaned user account.
When ready, click Submit.
This opens the Select Business Role and Location screen, which allows you to select the Business Role and Location combination for the person you are creating. EmpowerID requires each person to have a Business Role and Location.
In the Business Role pane, search for and select the desired Business Role for the person.
In the Location pane, search for and select the appropriate EmpowerID Location for the person.
Click Submit.
If you left Wait to See Results selected, click OK to close the Operation Execution Summary.
Create People from File
Provisioning with the Create People from File workflow allows you to import attribute information from an external CSV file to create people in EmpowerID.
On the navbar, expand Identity Administration and click People.
From the Actions pane of the Find Person page, click the Create People From File action.
This starts the Create People From File workflow.
In the workflow form, enter the field delimiter for the flat file in the Delimiter field. Comma is the default.
Click Browse and select the file with the user accounts you wish to import. Once you have selected a file, the Browse button is replaced with "File is Selected" text, and the Load CSV button becomes active.
Click the Load CSV button.
The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid.
Map each of the fields from the imported data to the appropriate EmpowerID Person field. To do so, enter the name of the field in the drop-down below your related headers and then click the field to select it.
In our example, we have imported data with the person’s role listed under the Role header. As this header does not match a field for the Person component in EmpowerID, we might want to map it to a corresponding field before submitting the workflow. If a field in the flat file does not have a corresponding Person field in EmpowerID and it is not mapped appropriately, the workflow will ignore it.
When ready, click Submit.
This opens the Select Business Role and Location screen, which allows you to select the Business Role and Location combination for the people you are creating. EmpowerID requires each person to have a Business Role and Location.
From the Business Role pane, search for and select the desired Business Role for the people.
From the Location pane, search for and select the appropriate EmpowerID Location for the people.
Click Submit.
If you left Wait to See Results selected, click OK to close the Operation Execution Summary.
Create People Advanced Mode
In the navigation sidebar, expand Identity Administration and click People.
On the Actions pane of the Find Person page, click the Create Person Advanced action.
This opens the Create Person page, which contains a number of tabs with fields for adding person properties or attributes.
On the General tab, fill in the appropriate general information for the person you are creating.
This information includes the following:Comments or Justification - This allows you to add any comments related to creating the person.
First Name - This specifies the first name of the person you are creating.
Last Name - This specifies the last name of the person you are creating.
Display Name - This specifies the name that displays to users in the Web interface.
Login - This specifies the EmpowerID login for the person you are creating. You can enter a value or click the Login Suggestion button to the right of the field to have EmpowerID generate a value for you. Please note that the Login name can only contain letters and numbers.
Personal Email - This specifies the personal email address of the person if any. If you add an email address to this field, EmpowerID will use it to send a welcome message to the person.
Primary Business Role and Location - This is for assigning the person to a primary Business Role and Location. Each person must have a primary Business Role and Location.
Secondary Business Roles - This is for assigning the person to a secondary Business Role and Location. To assign a Secondary Business Role and Location, you follow the same process used to assign a primary Business Role and Location.
Management Role to Notify - This field allows you to select a Management Role that is to be notified of the new person. To select a Management Role, type the name of the role in the field and then click the tile for that role. You can search for Management Roles by clicking in the field and pressing the ENTER key.
Manager - This field allows you to select the manager of the person being created. To select the manager, type the name of the manager in the field and then click the tile for that person If the manager has an email address, EmpowerID sends that person an email notification of the new person. Type the name of the Management Role you want to assign to the new person and then click the tile for that role. Repeat for each additional Management Role assignment.
Assets to Provision - This section of the form allows you to specify that certain IT assets be provisioned for the person. These assets can include both hard and soft assets like user accounts, Exchange mailboxes, mobile phones, and laptops. To provision an asset, you tick the box to the right of each asset the person should receive.
Groups - This section of the form allows you to add the person you are creating to a group. To join the person, you tick the box to the left of each group to which the person should belong.
On the Organization tab, optionally fill in the appropriate organizational information for the person you are creating. The fields available on this tab include the following:
Title - This specifies the title of the person you are creating. This field maps to the Job Title field in Active Directory.
Location - This specifies the location of the person you are creating.
Department - This specifies the department of the person you are creating.
Department Number - This specifies the department number of the person you are creating.
Division - This specifies the division of the person you are creating.
Company - This specifies the company of the person you are creating.
District - This specified the district of the person you are creating.
Office - This specifies the office of the person you are creating.
Person Organization Status - This allows you to specify the status of the person. Options include Active, Alumni, Inactive, Intern, On Leave, Retired, Temporary, and Termination Pending.
On the Contact Information tab, optionally fill in the appropriate contact information for the person you are creating. The fields available on this tab include the following:
Business Address - This allows you to select a business address that has been previously configured in EmpowerID. The addresses that appear in the drop-down are addresses that have been added to the EmpowerID Collection of Physical Addresses. The addresses added to this collection provide an easy way for you to store address data that can be used to automatically the address fields on this form.
Street Address - This specifies the Street Address.
Street Address2 - This specifies the second line of the address, which should follow standard addressing protocol.
City - This specifies the city.
State - This specifies the State.
Country - This specifies the country.
Postal Code - This specifies the code of letters and/or digits for postal delivery.
Business Phone - This specifies the business phone number.
Telephone - This specifies a secondary phone number for the person. This field maps to the otherTelephone field in Active Directory.
Mobile Phone - This specifies the person's mobile phone number.
Fax - This specifies the fax number.
Pager - This specifies the person's pager number.
Home Telephone - This specifies the person's home phone number.
On the Personal tab, optionally fill in the appropriate personal information for the person you are creating. The fields available on this tab include the following:
Middle Name - This specifies the middle name of the user.
Initials - This specifies the initials of the user. This field maps to the initials attribute in Active Directory.
Preferred First Name - This specifies the preferred first name of the user.
Preferred Last Name - This specifies the preferred last name of the user.
Second Last Name - This specifies a second last name for the user, where such is used.
Generational Suffix - This specifies a generational suffix for the user, such as "JR" or "SR." This field maps to the generationQualifier attribute in Active Directory.
Birth Name - This specifies the person's given name.
Date Of Birth - This specifies the person's date of birth.
City Of Birth - This specifies the person's city of birth.
Country Of Birth - This specifies the person's country of birth.
Employee ID - This specifies the person's Employee ID.
Employee ID Other - This specifies an alternative Employee ID for the person.
Employee Type - This specifies the Employee Type.
Expected Hire Date - This allows you to set a person's hire date.
Original Hire Date - This specifies the date of hire.
Valid From - This allows you to set the beginning date for the person account. If this field is set, the person will not be able to log in before the specified date.
Valid Until - This allows you to set an ending date for the person account. Typically, the value of this field flows to EmpowerID from an authoritative HR system. If you have implemented EmpowerID's Planned Leaver Events (Advanced Termination) functionality, the value of this field triggers automated processes to disable and delete the person and all user accounts linked to the person.
Termination Date - This specifies the date of termination for the person if any.
On the Advanced tab, optionally select or clear any advanced settings for the person you are creating. These settings include the following:
Out Of Office - Specifies whether the person is out of the office. When set to true, this setting can be paired with the Approver Delegates setting. In EmpowerID, Approver Delegates are people who can approve and deny requests on behalf of another person.
Enabled - Set to true by default, this setting enables or disables the person. Disabled people cannot log in to EmpowerID.
Allow Login - Set to true by default, this setting allows or disallows the person to log in to EmpowerID. If you deselect this option, the person will be unable to log in to EmpowerID.
Default Home Page - This specifies the Web page that EmpowerID directs the person to after that person has authenticated. To set the home page, specify the value in the following format: ~/Common/Pages/PageName.
For example, for the default home page to be the SSOApplications page, enter ~/Common/Pages/SSOApplications.Logon Script - This specifies the path to the script that should be executed each time the user logs in.
Home Directory - This specifies the home directory (UNC path) for the account you are creating.
Disable Person Login - Only allows login using a federated account.
Must Change Password On Next Login - Select this option to require the person to change their password the next time they log in to EmpowerID.
Require Second Factor Authentication for LDAP - Select this option to enforce 2nd-factor authentication for users logging in using the EmpowerID Virtual Directory server. The EmpowerID Login Workflow checks this policy setting to determine if the user should be forced through the 2nd-factor identification state.
Require Second Factor Authentication for RADIUS - Select this option to enforce 2nd-factor authentication for users logging in from a RADIUS device. The EmpowerID Login Workflow checks this policy setting to determine if the user should be forced through the 2nd-factor identification state.
Disable Email Notification - Select this option to prevent EmpowerID from sending email notifications to the person.
Allow Attribute Sync - Set to true by default, this setting allows or disallows person attributes to flow from EmpowerID to any user accounts joined to the person in accordance with the Attribute Flow Rules set for each account store in which the person has an account.
Sync Password to Accounts - Select this option to make the person's EmpowerID password the password for any user accounts they have in connected account stores.
Enable Time Constraint - Select this option to set date and time-based login parameters for the person. If selected, EmpowerID opens a date and time picker that allows you to specify the dates in which the account is valid and the times within that specified date.
From the Extension tab, optionally fill in one or more of the Extension Attribute fields as needed. Extension attributes provide a way to enter information about the person that is not defined by default on an EmpowerID person. This information can be interacted with programmatically as needed.
When you have completed filling in the information for the person you are creating, click the Save button.