Onboarding User Accounts
EmpowerID’s "Onboard Account" wizard is designed to facilitate the manual onboarding of user accounts. This comprehensive workflow integrates with EmpowerID and other connected account directories, referred to as account stores. It offers versatile options for creating new user accounts. These include accounts for individuals and technical accounts, like service accounts, that are not associated with a specific person. The wizard streamlines the onboarding process, making it more efficient and user-friendly.
In order to customize the user experience during the onboarding process, the workflow offers several adjustable parameters. This article will walk you through the steps of modifying these parameters and running the workflow.
Prerequisites
EmpowerID must be connected to the external account directory to create user accounts in the directory. For more information, see Connectors (OOB).
Procedure
Step 1 – Configure workflow parameters
The Onboard Account wizard workflow incorporates several customizable parameters that you can edit to tailor the onboarding experience to best suit your organization's needs and preferences.
Parameter | Description | Default Value |
---|---|---|
DefaultAccessRequestPolicyID | Specifies the default Access Request Policy to be selected in the drop-down in the Access Request Policy Settings step. The value set for this parameter must be the GUID for the default policy. | 2156D697-42C4-45D2-9F5C-98E51DE927D1 (This is the Access Request Policy ID for the Default Access Request Policy.) |
DeputyResourceTypeRoleName | Specifies the operational capabilities granted to the deputy owner of the account onboarded by the workflow. | Resource Role Assigner – Resource Role Assigners can add and remove Access Levels directly to and from the account. |
OwnerResourceTypeRoleName | Specifies the operational capabilities granted to the owner of the account onboarded by the workflow. | Resource Role Assigner – Resource Role Assigners can add and remove Access Levels directly to and from the account. |
To configure workflow parameters, do the following:
On the navbar, expand Low Code/No Code Workflow and select Low Code Workflows.
Select the Workflow tab and search for Onboard Account.
Click the Display Name for the workflow.
This directs you to the View One page for the workflow. View One pages are designed to facilitate the viewing and management of the objects to which they correspond in EmpowerID.
On the View One page for the workflow, expand the Request Workflow Parameters accordion.
Click the Edit button for the parameter whose value you want to change.
Enter the new value for the selected parameter in the Value field and click Save.
Repeat for any other parameter value changes needed.
Step 2 – Run the workflow
On the navbar, expand Identity Administration and select User Accounts.
Click the Onboard an Account action.
This initiates the Onboard Account Wizard workflow, which guides you through the process of onboarding an account.
Under Request Overview, select whether the account is a person or a non-person technical account and follow the wizard to onboard the account.
In the General tab of the Create User form, enter the following information:
Account Creation Location – Select the directory in which to create the account
Usage Type – Select the type of account
Personal Standard – A Personal Standard account is a basic user account owned by a person for performing everyday tasks. This is the default account type.
Personal Privileged – A Personal Privileged account is a highly privileged user account owned by a person.
Application – An Application account is an account used by applications to access databases or other applications.
Contact – A Contact account is an account that is used as an email contact.
Emergency – An Emergency account is a "break glass" usage account.
Service – Service accounts are special types of accounts that can be used.
Shared Mailbox – A Shared Mailbox account is a disabled user account required for room, equipment or shared mailboxes.
Shared Privileged – A Shared Privileged account is a non-personal account shared by administrative users.
Test User – A Test User account is an account used for testing purposes.
Location – Visibility of this field depends on the type of directory selected for the account creation location; if visible, search for and select the appropriate location
First Name – First name of the user
Last Name – Last name of the user
Display Name – Display name of the user
Logon Name – Logon name of the user
UPN Suffix – Visibility of this field depends on the type of directory selected for the account creation location; if visible, the value should reflect the directory location selected for the user
Country – Country of the user (Optional)
Comments or Justification – Enter any appropriate comments (Optional)
Join Account to an Existing Person – Optional; to join the account to an existing person, search for and select that person.
Create a new Person object – Optional; select this option to create a new EmpowerID Person as the owner of the user account.
Select a Role and Location – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the user account. If visible, click the Select a Role and Location link and then search for and select the appropriate Business Role and Location for the person. All people must belong to a role and location.
User Personal Email to Notify – Visibility of this field depends on whether you are creating a new EmpowerID Person as the owner of the account. If visible, enter an email address for EmpowerID to send a welcome email. (Optional)
Allow me to enter a password – Select to enter a password for the user (Optional)
Password – Visibility of this field depends on whether you have selected Allow me to enter a password. If visible, enter the password for the user
Confirm Password – Visibility of this field depends on whether you have selected Allow me to enter a password. If visible, enter the password for the user
Disabled – Select to disable the account upon creation (Optional)
Allow Join – Allows the account to be joined to an existing Person; selected by default
Allow Provision – Allows a new Person to be provisioned from the user account; selected by default
Enable Sync Password – Allows password changes occurring in EmpowerID to be synced to the external directory
Do Not Allow Delete – Select to prevent the user account from being deleted in the EmpowerID UI (Optional)
Optionally, click the Address tab and fill in the appropriate information as needed.
Optionally, click the Personal tab and fill in the appropriate information as needed.
When ready, click Save.
You should see a successful execution summary message. In the example below, the message states that the account and corresponding person (account owner in EmpowerID) were created. You will not see a message about a person if that option was not selected when creating the user account.