Creating People

EmpowerID provides a number of actions for creating people, with different options available for each. For example, one of the actions is the Create Person Simple Mode action. This action allows non-technical users to initiate creating a new person, requiring minimal information be supplied, such as the new person's First Name, Last Name and primary Business Role and Location. Others, such as the Create Person Advanced action, require more information and provide more configuration options for assigning the new person to one or more Management Roles and groups, as well as to provision assets, such as user accounts and mailboxes, when the person is created.

If the person being created is assigned to a Business Role and Location where a RET policy is in place, the person will receive all resources specified by the policy.

This topic demonstrates how to create new people using each of the available actions.

To create people simple mode

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Person management page by expanding Identities and clicking People.
  2. From the Actions pane of the Person management page, click the Create Person Simple Mode action.
  3. This opens the Create Person Request form.

  4. Type the first and last name of the person you are creating in the First Name and Last Name fields, respectively.
  5. Optionally, fill in the eMail, Personal Email and Comments or Justification fields with the appropriate information.
  6. Underneath Primary Business Role and Location, click the Select a Role and Location link and in the Role and Location Selector that opens do the following:
    1. Search for and select the appropriate Business Role for the person.
    2. Click the Location tab.
    3. Search for and select the EmpowerID Location for the person.
    4. Click Select to close the Role and Location Selector.
  7. Optionally, set a future date for the person to be created by clicking the Delay Creation Until field.
  8. Doing so opens a calendar, from which you can specify the date and time EmpowerID is to create the person. To do so, select the appropriate month, year and day from the calendar, and then set the time by sliding the Hour and Minute markers. Once you have set the date and time, click Done to close the calendar.

  9. Back in the main form, click Save.

To create people from orphan user accounts

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Person management page by expanding Identities and clicking People.
  2. From the Actions pane of the Person management page, click the Bulk Create People From Accounts action.
  3. In the Orphan User Accounts lookup that appears, search for the orphaned user account from which you want to create a person and tick the box to the left of the user account record in the grid.
  4. Repeat step 3 for each person you want to create from an orphaned user account.
  5. To allow the process to continue leave Wait to See Results selected. If you deselect Wait to See Results on this screen and then click Submit, the creation process will idle and EmpowerID will create a task for it, routing it to any person with the delegations to continue creating the person.
  6. Click Submit.
  7. This opens the Select Business Role and Location screen, which allows you to select the Business Role and Location combination for the person you are creating. EmpowerID requires each person to have a Business Role and Location.

  8. From the Business Role pane, search for and select the desired Business Role for the person.
  9. From the Location pane, search for and select the appropriate EmpowerID Location for the person.
  10. Select or deselect Wait to See Results as appropriate. When selected (the default configuration), EmpowerID displays an Operation Execution Summary (OES) message. This message states whether or not the person was successfully created. If this option is deselected, the OES is routed to the Request Center where it can be viewed and acknowledged by anyone with the delegations to create a person from an account.
  11. Click Submit.
  12. If you left Wait to See Results selected, click OK to close the Operation Execution Summary.

To create people from file

Provisioning with the Create People from File workflow allows you to import attribute information from an external CSV file to create people in EmpowerID.
Please ensure the first row of the CSV file specifies the appropriate attributes for the user information you are importing. EmpowerID maps the attributes specified in the CSV to their corresponding Person attributes in the Identity Warehouse. For example, the first row of the CSV used in this article contains the following values: Name, Logon, FriendlyName and Occupation.
  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Person management page by expanding Identities and clicking People.
  2. From the Actions pane of the Person management page, click the Create People From File action.
  3. This opens the Create People From File form.

  4. In the Create People From File form, do the following:
    1. Leave the Object Type set to Person.
    2. Specify the delimiter used to separate the attributes of each person record in the CSV file. The default is the comma.
    3. Please ensure that your file contains no spaces between values and the delimiter or the import will fail.
    4. Click the Choose File button and select the file containing the records from which you want to create people.
    5. Click the Load CSV button to load the records of the people in the CSV file. You will see Attribute Mapping drop-downs for each attribute specified in the first row of the CSV. You can have as many or as few attributes in the CSV file as needed.
    6. Click the Attribute Mapping drop-down for each attribute of the imported records and select the appropriate EmpowerID Person property for those attributes. This ensures that the imported attributes map to the correct person properties.
    7. To allow the process to continue leave Wait to See Resultsselected. If you deselect Wait to See Results on this screen and then click Submit, the creation process will idle and EmpowerID will create a task for it, routing it to any person with the delegations to continue creating the person.
    8. When ready, click Submit.

    This opens the Select Business Role and Location screen, which allows you to select the Business Role and Location combination for the people you are creating. EmpowerID requires each person to have a Business Role and Location.

  5. From the Business Role pane, search for and select the desired Business Role for the people.
  6. From the Location pane, search for and select the appropriate EmpowerID Location for the people.
  7. Select or deselect Wait to See Results as appropriate. When selected (the default configuration), EmpowerID displays an Operation Execution Summary (OES) message. This message states whether or not the person was successfully created. If this option is deselected, the OES is routed to the Request Center where it can be viewed and acknowledged by anyone with the delegations to create a person from an account.
  8. Click Submit.
  9. If you left Wait to See Results selected, click OK to close the Operation Execution Summary.

To create people advanced mode

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Person management page by expanding Identities and clicking People.
  2. From the Actions pane of the Person management page, click the Create Person Advanced action.
  3. This opens the Create Person page, which contains a number of tabs with fields for adding person properties or attributes.

  4. From the General tab, fill in the appropriate general information for the person you are creating. This information includes the following:
    • Comments or Justification - Allows you to add any comments related to creating the person.
    • First Name - This specifies the first name of the person you are creating.
    • Last Name - This specifies the last name of the person you are creating.
    • Display Name - This specifies the name that displays to users in the Web interface.
    • Login - This specifies the EmpowerID login for the person you are creating. You can enter a value or click the Login Suggestionbutton to the right of the field to have EmpowerID generate a value for you.
    • Personal Email - This specifies the personal email address of the person, if any. If you add an email address to this field, EmpowerID will use it to send a welcome message to the person.
    • Primary Business Role and Location - This is for assigning the person to a primary Business Role and Location. Each person must have a primary Business Role and Location.
      • To set the Primary Business Role
        1. Search for and select the appropriate Business Role the person.
        2. Click the Location tab.
        3. Search for and select the EmpowerID Location in which the person is to be placed.
        4. Click Select to close the Role and Location Selector.
    • Secondary Business Roles - This is for assigning the person to a secondary Business Role and Location. To assign a Secondary Business Role and Location, you follow the same process used to assign a primary Business Role and Location.
    • Management Role to Notify - This field allows you to select a Management Role that is to be notified of the new person. To select a Management Role, type the name of the role in the field and then click the tile for that role. You can search for Management Roles by clicking in the field and pressing the ENTER key.
    • Manager - This field allows you to select the manager of the person being created. To select the manager, type the name of the manager in the field and then click the tile for that person If the manager has an email address, EmpowerID sends that person an email notification of the new person.
    • Type the name of the Management Role you want to assign to the new person and then click the tile for that role.
    • Repeat for each additional Management Role assignment.
    • Assets to Provision - This section of the form allows you to specify that certain IT assets be provisioned for the person. These assets can include both hard and soft assets like user accounts, Exchange mailboxes, mobile phones and laptops. To provision an asset, you tick the box to the right of the each asset the person should receive.
    • The assets that appear in this section of the form are linked to specific Asset Types and Asset Requests. If you wish to provision assets for new people here, you must create these objects first. For task-based help, see Creating Asset Types and Creating Asset Requests.
    • Groups - This section of the form allows you to add the person you are creating to a group. To join the person, you tick the box to the left of the each group to which the person should belong.
    • By default, the groups that appear in this section—and those for which you can search—are groups that have been tagged with the Onboarding tag, as shown by the below image.

  5. From the Organization tab, optionally fill in the appropriate organizational information for the person you are creating. The fields available on this tab include the following:
    • Title - This specifies the title of the person you are creating. This field maps to the Job Title field in Active Directory.
    • Location - This specifies the location for the person you are creating.
    • Department - This specifies the department of the person you are creating.
    • Department Number - This specifies the department number of the person you are creating.
    • Division - This specifies the division of the person you are creating.
    • Company - This specifies the company of the person you are creating.
    • District - This specified the district of the person you are creating.
    • Office - This specifies the office of the person you are creating.
    • Person Organization Status - This allows you to specify the status of the person. Options include Active, Alumni, Inactive, Intern, On Leave, Retired, Temporary and Termination Pending.

  6. From the Contact Information tab, optionally fill in the appropriate contact information for the person you are creating. The fields available on this tab include the following:
    • Business Address - This allows you to select a business address that has been previously configured in EmpowerID. The addresses that appear in the drop-down are addresses that have been added to the EmpowerID Collection of Physical Addresses. The addresses added to this collection provide an easy way for you to store address data that can be used to automatically the address fields on this form.
    • By default, this collection contains only one item, the Default Physical Address, which simply sets the person's Nation attribute to the United States. You can expand this collection, adding as many Physical Addresses to it as needed for your organization.
      • To create a Physical Address
        1. Log in to the EmpowerID Management Console as an administrator.
        2. From the EmpowerID Management Console, navigate to Configuration Manager by clicking the EmpowerID application icon and selecting Configuration Manager from the context menu.
        3. In the application navigation tree of Configuration Manager, expand the Miscellaneous Configuration node and then click Physical Addresses.
        4. Click the Add New button located above the Configuration Manager grid.
        5. In the Address Details screen that appears, enter the appropriate information in the form fields and then click Save. A description of each field follows below.
          • Name - This specifies the name for the physical address object in EmpowerID.
          • Display Name - This specifies the name for the physical address that appears to users in the EmpowerID UI. If this field is left blank, the Name value is passed to it.
          • Description - This describes the physical address object.
          • Contact Person - This specifies the contact person for the physical address.
          • Phone Number - This specifies the Business Phone for the address.
          • Floor - This specifies floor information for the address.
          • Room Number - This specifies the Room Number.
          • Address Line 1 - This specifies the Street Address.
          • Address Line 2 - This specifies the second line of the address, which should follow standard addressing protocol.
          • City - This specifies the City of the address.
          • State Province - This specifies the State or Province of the address.
          • Postal Code - This specifies the code of letters and/or digits for postal delivery.
          • Address Type - This specifies the type of address, such as work address or mailing address.
    • Street Address - This specifies the Street Address.
    • Street Address2 - This specifies the second line of the address, which should follow standard addressing protocol.
    • City - This specifies the city.
    • State - This specifies the State.
    • Country - This specifies the country.
    • Postal Code - This specifies the code of letters and/or digits for postal delivery.
    • Business Phone - This specifies the business phone number.
    • Telephone - This specifies a secondary phone number for the person. This field maps to the otherTelephone field in Active Directory.
    • Mobile Phone - This specifies the person's mobile phone number.
    • Fax - This specifies the fax number.
    • Pager - This specifies the person's pager number.
    • Home Telephone - This specifies the person home phone number.
  7. From the Personal tab, optionally fill in the appropriate personal information for the person you are creating. The fields available on this tab include the following:
    • Middle Name - This specifies the middle name of the user.
    • Initials - This specifies the initials of the user. This field maps to the initials attribute in Active Directory.
    • Preferred First Name - This specifies the preferred first name of the user.
    • Preferred Last Name - This specifies the preferred last name of the user.
    • Second Last Name - This specifies a second last name for the user, where such is used.
    • Generational Suffix - This specifies a generational suffix for the user, such as "JR" or "SR." This field maps to thegenerationQualifier attribute in Active Directory.
    • Birth Name - This specifies the person's given name.
    • Date Of Birth - This specifies the person's date of birth.
    • City Of Birth - This specifies the person city of birth.
    • Country Of Birth - This specifies the person country of birth.
    • Employee ID - This specifies the person's Employee ID.
    • Employee ID Other - This specifies an alternative Employee ID for the person.
    • Employee Type - This specifies the Employee Type.
    • Expected Hire Date - This allows you to set person's hire date.
    • Original Hire Date - This specifies the date of hire.
    • Valid From - This allows you to set the beginning date for the person account. If this field is set, the person will not be able to log in before the specified date.
    • Valid Until - This allows you to set an ending date for the person account. If this field is set, the person will not be able to log in after the specified date.
    • Termination Date - This specifies the date of termination for the person, if any.
  8. From the Advanced tab, optionally select or deselect any advanced settings for the person you are creating. These settings include the following:
    • Out Of Office - Specifies whether the person is out of the office. When set to true, this setting can be paired with the Approver Delegates setting. In EmpowerID, Approver Delegates are people who can approve and deny requests on behalf of another person.
    • Enabled - Set to true by default, this setting enables or disables the person. Disabled people cannot log in to EmpowerID.
    • Allow Login - Set to true by default, this setting allows or disallows the person to log in to EmpowerID. If you deselect this option, the person will be unable to log in to EmpowerID.
    • Default Home Page - This specifies the Web page that EmpowerID directs the person to after that person has authenticated. To set the home page, specify the value in the following format: ~/Common/Pages/TheNameOfThePage. So for example, if you want the default home page to be the SSOApplications page, you would enter ~/Common/Pages/SSOApplications in this field.
    • Logon Script - This specifies the path to the script that should be executed each time the user logs in.
    • Home Directory - This specifies the home directory (UNC path) for the account you are creating.
    • Disble Person Login - only allow login using federated account -
    • Must Change Password On Next Login - Select this option to require the person to change their password the next time they log in to EmpowerID.
    • Require Second Factor Authentication for LDAP - Select this option to to enforce 2nd factor authentication for users logging in using the EmpowerID Virtual Directory server. The EmpowerID Login Workflow checks this policy setting to determine if the user should be forced through the 2nd factor identification state.
    • Require Second Factor Authentication for RADIUS - Select this option to to enforce 2nd factor authentication for users logging in from a RADIUS device. The EmpowerID Login Workflow checks this policy setting to determine if the user should be forced through the 2nd factor identification state.
    • Disable Email Notification - Select this option to prevent EmpowerID from sending email notifications to the person.
    • Allow Attribute Sync - Set to true by default, this setting allows or disallows person attributes to flow from EmpowerID to any user accounts joined to the person in accordance with the Attribute Flow Rules set for each account store in which the person has an account.
    • For more information on Attribute Flow Rules, see Understanding Attribute Flow and Configuring Attribute Flow Rules.
    • Sync Password to Accounts - Select this option to make the person's EmpowerID password the password for any user accounts they have in connected account stores.
    • Enable Time Constraint - Select this option to set date and time-based login parameters for the person. If selected, EmpowerID opens a date and time picker that allows you to specify the dates in which the account is valid and the times within that specified date.
      • To enable time constraint for the person account
        1. Tick Enable Time Constraint. You should see two fields, an Access Begins field and an Access Ends field.
        2. Click the Access Begins field and select the desired beginning date and time from the calendar.
        3. Click the Access Ends field and select the desired ending date and time from the calendar.
        4. You should see the Access Begins and Access Ends fields update accordingly.

        5. To further restrict the person's access to specific days and times during the specified date range, click Enable Day of Week Restrictions and then click the drop-down arrow to the right of the field.
        6. You should see an Hours of the Day Allowed pane appear. By default, each day is set to 24-hour access.

        7. For each day you want to restrict the hours of access, click the from and to fields and select the starting and ending times from the Choose Time control by moving the Hour and Minute sliders to appropriate values. For example, if you want don't want the selected actor to have any access on Sunday, you move the Hour and Minute sliders to the left until the time shown is 00:00 and then click Done.
  9. From the Extension tab, optionally fill in one or more of the Extension Attribute fields as needed. Extension attributes provide a way for you to enter information about the person that is not defined by default on an EmpowerID person. This information can be interacted with programmatically as needed.
  10. When you have completed filling in the information for the person you are creating, click the Save button.
  11. Once EmpowerID completes the operation, you should be directed to the Person Details for the person.