Skip to content

Inviting Users to Register with Identity Security Cloud

If a user is enabled but hasn't registered yet, you can configure the system to automatically send them an email to register in Identity Security Cloud.

The invitation email will include a user name and a link to register. After a user selects the link in the email and registers for Identity Security Cloud, they'll have access to their Dashboard and any other relevant features configured for your org.

There are a few ways you can invite users to register.

  • Manually on the basis of their identity. (This is the default invitation option for identity profiles.)
  • Automatically, on the basis of their identity profile.
  • Automatically, when they move to a new lifecycle state that's enabled for your site.
  • Automatically, when they are invited to certify access in a certification. This applies even if their identity profile is set for manual invitations only.

You can use the default user invitation email template or choose another one from the list of available templates. You can customize the email template to fit your organization's needs and then test the email invitation to preview the email before sending it in your production environment.

You can configure the registration requirements to change what users are prompted to enter when they register for Identity Security Cloud.

Notes

  • Invitations expire after 7 days. If you've configured invitations to be sent automatically, the system sends a new invitation whenever one expires. Otherwise, you'll need to manually resend invitations to users if their invitation expires before they use it to register.
  • You can prevent automated invitation emails by adding #stop, no_send, or Stop to the beginning of the Subject field of the email template.

Prerequisites:

  • Complete your Identity Security Cloud setup.
  • Ensure that each user has a unique, valid email address in the authoritative source configured for your Identity Security Cloud site. The same email address should not be used for multiple users. Identity Security Cloud will only send an email to the first user encountered when it searches the source system; other users associated with that email address will not be invited to register.

Inviting Users Manually

By default, all identity profiles are configured to invite users manually. When you invite users manually, an email invitation to register with Identity Security Cloud is sent to each user at their work email address. This is also necessary after an identity has been reset.

To invite users manually:

  1. Go to Admin > Identity Management > Identities and find the identity you want to invite.
  2. Select Actions > Invite Identity.

To invite multiple users, select the checkboxes next to the identities you want to invite, and select Actions > Invite Identities.

You can also use this page to monitor registration activity and resend invitations to unregistered users if their invitation expires. If you configure your identity profiles to automatically invite users, the system automatically resends the invitations when they expire.

Inviting Users Automatically

You can choose to automatically send email invitations to users in an identity profile. Invitations are sent either when identities are created in the identity profile or when identities enter a specified lifecycle state.

To invite users automatically:

  1. Go to Admin > Identity Management > Identity Profiles.
  2. Select the identity profile you want to edit.
  3. Under Invitation Options, select one of the automatic invitation options.

    Invitation options to send invites to a work or alternate email, or both. It is set to send at an active lifecycle state.

  4. If you want to invite users only when they enter a specific lifecycle state, select that state from the Send at Lifecycle State dropdown list.

    Note

    This field only appears if lifecycle states are enabled for the identity profile, and only enabled lifecycle states are listed.

  5. Select Save to save your invitation configuration.

Invitation Emails

  • When you configure automatic invitations, existing users in the identity profile who meet the criteria and are not registered will be sent an invitation email. These invitations are queued in batches of 10,000, every 2 hours. It may take longer depending on the system's load.
  • As identities are created or updated to meet the invitation criteria, their invitation emails are immediately queued for sending.
  • Users who meet the invitation criteria will receive registration reminder emails every 7 days until they complete registration.
  • You can prevent all automated invitation emails by adding #stop, no_send, or Stop to the beginning of the Subject field of the email template.

Configuring Registration Requirements

Users can be prompted for the following when they register for Identity Security Cloud:

  • A password

  • An alternate phone number

  • An alternate email address

  • Answers to security questions

However, with certain configurations you can prevent users from being asked to enter anything when they register.

  • To prevent users from being prompted for a password, configure pass-through authentication for their identity profiles. Users can sign in using their network credentials.

  • To prevent users from having to enter their alternate phone or email, clear the checkboxes that involve sending verification codes to alternate phones or emails in both the password reset options.

    Caution

    If aggregated values are incorrect or invalid, users may not be able to reset their password. For example, if a user's identity profile requires an alternate phone number to authenticate, the user may not be able to reset their password if the number is incorrect.

  • To prevent users from being prompted to answer security questions, disable security questions as a password reset method.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.