Inviting Users to Register with IdentityNow
If a user is enabled but hasn't registered yet, you can configure the system to automatically send them an email to register in IdentityNow.
The invitation email will include a user name and a link to register. After a user clicks the link in the email and registers for IdentityNow, they'll have access to their Dashboard and any other relevant features configured for your org.
There are a few ways you can invite users to register.
- Manually on the basis of their identity. (This is the default invitation option for identity profiles.)
- Automatically, on the basis of their identity profile.
- Automatically, when they move to a new lifecycle state that's enabled for your site.
You can use the default user invitation email template or choose another one from the list of available templates. You can customize the email template to fit your organization's needs and then test the email invitation to preview the email before sending it in your production environment.
You can configure the registration requirements to change what users are prompted to enter when they register for IdentityNow.
Invitations expire after 7 days. If you've configured invitations to be sent automatically, the system sends a new invitation whenever one expires. Otherwise, you'll need to manually resend invitations to users if their invitation expires before they use it to register with IdentityNow.
- Complete your IdentityNow setup.
- Ensure that each user has a unique, valid email address in the authoritative source configured for your IdentityNow site. The same email address should not be used for more than one user. IdentityNow will only send an email to the first user encountered when it searches the source system — any other users associated with that email address will not be invited to register with IdentityNow.
Inviting Users Manually
By default, all identity profiles are configured to invite users manually. When you invite users manually, an email invitation to register with IdentityNow is sent to each user, at their work email address. This is also necessary after an identity has been reset.
To invite users manually:
- From the Admin interface, select Identities > Identity List.
Select the checkbox for each unregistered user you want to invite.
Select Invite Users to send the email invitation.
You can also use the Identity List to monitor registration activity and resend invitations to unregistered users if their invitation expires. If you configure your identity profiles to automatically invite users, the system automatically resends the invitations when they expire.
Inviting Users Automatically
If you choose an automatic invitation option, email invitations are automatically sent to users in the identity profile. New users added to the identity profile will automatically receive an invitation.
If you have the Provisioning service enabled for your org and select a lifecycle state from the Send at Lifecycle State dropdown menu, invitations will be automatically sent to users when they enter that lifecycle state.
Invitations will not be sent to identities that are already in that state at the time you save this invitation option.
To invite users automatically:
- From the Admin interface, select Identities > Identity Profiles.
- Select the identity profile you want to edit.
Under Invitation Options, select one of the automatic invitation options.
Select a lifecycle state from the Send at Lifecycle State dropdown menu.
This field is only visible if lifecycle states are enabled.
Select Save to save your invitation options.
If you selected a specific lifecycle state, the invitation will be sent whenever an identity with the corresponding identity profile moves into that state. Otherwise, the system sends invitations in batches of 10,000, every two hours. It may take longer for invitation emails to be sent, depending on the system's load.
Configuring Registration Requirements
Users can be prompted for the following when they register for IdentityNow:
An alternate phone number
An alternate email address
Answers to security questions
Their acceptance of a usage agreement
However, with certain configurations you can prevent users from being asked to enter anything when they register.
To prevent users from being prompted for a password, configure pass-through authentication for their identity profiles. Users can sign in using their network credentials.
To prevent users from having to enter their alternate phone or email, you have the following options:
Map and aggregate values for the Alternate Email and Alternate Phone Number attributes in your identity profiles, so that your users are not prompted to enter that information.
If you aggregate these values, and the value you aggregate is incorrect or no longer valid, the user may be unable to strongly authenticate. This might be the case if you have configured the user's identity profile to only allow a user to authenticate using an alternate phone number, and the value for the user's phone number is incorrect.
If you don't want users to accept a usage agreement before using IdentityNow, select Global > System Settings > Usage Agreement and select Disable on any global usage agreements.