Inviting Users to Register with IdentityNow
If a user is enabled but hasn't registered yet, you can configure the system to automatically send them an email to register in IdentityNow.
The invitation email will include a user name and a link to register. After a user selects the link in the email and registers for IdentityNow, they'll have access to their Dashboard and any other relevant features configured for your org.
There are a few ways you can invite users to register.
- Manually on the basis of their identity. (This is the default invitation option for identity profiles.)
- Automatically, on the basis of their identity profile.
- Automatically, when they move to a new lifecycle state that's enabled for your site.
You can use the default user invitation email template or choose another one from the list of available templates. You can customize the email template to fit your organization's needs and then test the email invitation to preview the email before sending it in your production environment.
You can configure the registration requirements to change what users are prompted to enter when they register for IdentityNow.
Invitations expire after 7 days. If you've configured invitations to be sent automatically, the system sends a new invitation whenever one expires. Otherwise, you'll need to manually resend invitations to users if their invitation expires before they use it to register with IdentityNow.
- Complete your IdentityNow setup.
- Ensure that each user has a unique, valid email address in the authoritative source configured for your IdentityNow site. The same email address should not be used for multiple users. IdentityNow will only send an email to the first user encountered when it searches the source system — other users associated with that email address will not be invited to register with IdentityNow.
Inviting Users Manually
By default, all identity profiles are configured to invite users manually. When you invite users manually, an email invitation to register with IdentityNow is sent to each user, at their work email address. This is also necessary after an identity has been reset.
To invite users manually:
- Go to Admin > Identities > Identity List and find the identity you want to invite.
- Select the ellipsis button under Actions and select Invite.
To invite multiple users simultaneously, select the checkboxes next to the identities you want to invite, and select Actions > Invite Users at the top of the identity list.
You can also use the Identity List to monitor registration activity and resend invitations to unregistered users if their invitation expires. If you configure your identity profiles to automatically invite users, the system automatically resends the invitations when they expire.
Inviting Users Automatically
You can choose to automatically send email invitations to users in an identity profile. Invitations are sent either when identities are created in the identity profile or when identities enter a specified lifecycle state.
To invite users automatically:
- Go to Admin > Identities > Identity Profiles.
- Select the identity profile you want to edit.
Under Invitation Options, select one of the automatic invitation options.
If you have lifecycle states enabled for the identity profile, select a lifecycle state from the Send at Lifecycle State dropdown list.
This field only appears if lifecycle states are enabled. If it is visible, it is also required.
Select Save to save your invitation configuration.
- When you configure automatic invitations, existing users in the identity profile who meet the criteria and are not registered will be sent an invitation email. These invitations are queued in batches of 10,000, every two hours. It may take longer depending on the system's load.
- As identities are created or updated to meet the invitation criteria, their invitation emails are immediately queued for sending.
- Users who meet the invitation criteria will receive registration reminder emails every 7 days until they complete registration.
Configuring Registration Requirements
Users can be prompted for the following when they register for IdentityNow:
An alternate phone number
An alternate email address
Answers to security questions
Their acceptance of a usage agreement
However, with certain configurations you can prevent users from being asked to enter anything when they register.
To prevent users from being prompted for a password, configure pass-through authentication for their identity profiles. Users can sign in using their network credentials.
To prevent users from having to enter their alternate phone or email, clear the checkboxes that involve sending verification codes to alternate phones or emails in both in the strong authentication and password reset options.
If you aggregate these values, and the value you aggregate is incorrect or no longer valid, the user may be unable to strongly authenticate. This might be the case if you have configured the user's identity profile to only allow a user to authenticate using an alternate phone number, and the value for the user's phone number is incorrect.
To prevent users from being prompted to answer security questions, disable security questions as a strong authentication and password reset method.
If you don't want users to accept a usage agreement before using IdentityNow, select Global > System Settings > Usage Agreement and select Disable on any global usage agreements.