Creating User Accounts

This topic demonstrates how to create user accounts in EmpowerID by creating an Active Directory user account.

Prerequisites - Before you can create user accounts, EmpowerID must first be connected to an external account directory, such as Active Directory. For more information, see Connecting to Directory Systems.

To create a new user account

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the User Account management page by expanding Identities and clicking User Accounts.
  2. From the Actions pane of the User Account management page, click the Create User (Person Optional) action.
  3. This opens the Create User form, which contains a number of tabs with fields for adding user account properties or attributes.

  4. Select an account type from the Account Type drop-down. Account types can include the following:
    • Personal Standard - A Personal Standard account is a basic user account owned by a person for performing everyday tasks. This is the default account type.
    • Personal Privileged - A Personal Privileged account is a highly privileged user account owned by a person.
    • Application - An Application account is an account used by applications to access databases or other applications.
    • Contact - A Contact account is an account that is used as an email contact.
    • Emergency - An Emergency account is a "break glass" usage account.
    • Service - Service accounts are special types of accounts that can be used.
    • Shared Mailbox - A Shared Mailbox account is a disabled user account required for room, equipment or shared mailboxes.
    • Shared Privileged - A Shared Privileged account is a non-personal account shared by administrative users.
    • Test User - A Test User account is an account used for testing purposes.
    In EmpowerID, account types are simply classifications for grouping user accounts into Set Groups, reports or different Recertification policies. They do not grant access.
  5. Type a first name and last name for the user account in the First Name and Last Name fields, respectively.
  6. Type a display name and logon name for the user account in the Display Name and Logon Name fields, respectively.
  7. Underneath Account Creation Location, click the Select a Location link and in the Location Selector that opens do the following:
    1. Search for and select the appropriate external directory location for the user account.
    2. Click Save to close the Location Selector.
  8. Select the appropriate UPN suffix from the UPN Suffix drop-down.
  9. Optionally, type a description in the Description field and any comments in the Comments or Justification field.
  10. Optionally, if you want to join the user account to an existing EmpowerID Person, select Join Account to an Existing Person and then search for and select the appropriate person.
  11. To see an example of joining an account to an existing person, see Creating Accounts from People.
  12. Optionally, if you want EmpowerID to create a new EmpowerID Person from the user account, select Create a new EmpowerID Person object and select the appropriate Business Role and Location for the person, as described below.
    • To select the Business Role and Location
      1. Underneath Person Business Role, click the Select a Role and Location link.
      2. In the Business Role and Location selector that appears, search for and select the appropriate Business Role for the person.
      3. Click the Location tab.
      4. Search for and select the EmpowerID Location for the person.
      5. Click Select to close the Role and Location Selector.
  13. Optionally, select Allow me to enter a password if you want to set the password for the user account.
  14. In our example, we are setting the password so we have ticked the option. When we do so, the form changes to display the Password and Confirm Password fields.

  15. If you have opted to enter a password for the user account, type the password in the Password and Confirm Password fields.
  16. Scroll to the Security section and select any desired settings you want to apply to the account. By default, Allow Joining Account to a Person and Allow Provisioning a Person from Account are selected. These two flags tell EmpowerID that during the next inventory run, it can either join the account to an existing EmpowerID Person or provision a new person for the account if one does not currently exist. If you do not want EmpowerID to take this action, deselect these options.
  17. EmpowerID determines whether to join new accounts to existing people or provision new people from those accounts based on the Join and Provision rules set for your environment. For more information on these rules, see Overview of the Account Inbox and Reviewing Join and Provision Rules.
    Additionally, the account store needs to be configured to Allow Person Provisioning. If it is not, no person will be provisioned for the user account.

  18. Optionally, click the Address tab and fill in the appropriate information as needed.
  19. Optionally, click the Personal tab and fill in the appropriate information as needed.
  20. When ready, click Save.
  21. To allow the process to continue, leave Wait to See Results selected. If you deselect Wait to See Results on this screen and then click Submit, the creation process will idle and EmpowerID will create a task for it, routing it to any Person with the delegations to continue creating the user account.

To verify the account was created in EmpowerID

  1. From the Navigation Sidebar, navigate to Change Manager by expanding System Logs and clicking Audit Log.
  2. Click the Recently Created Objects tab and search for the user account you just created. You should see a record for it.

To verify the account was created in Active Directory

  1. On a machine with the Active Directory Module for Windows PowerShell installed, run the following cmdlet, replacing the name with that of the user you created:
     Get-ADUser -Filter {Name -eq 'PatriciaCollins'}

    You should see the account.
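
The check above only confirms that the account exists. The following PowerShell is an added example, not part of the original EmpowerID documentation, that also compares the new account against what was entered in the Create User form (location, UPN suffix, password settings). The UPN suffix and OU values in $expected are assumed placeholders; replace them with the values you selected.

```powershell
# Added example: post-provisioning check for an account created through the form.
Import-Module ActiveDirectory

# Assumed placeholder values; replace with what was entered in the Create User form.
$expected = @{
    Name      = 'PatriciaCollins'               # name used in the page's example
    UpnSuffix = 'example.com'                   # placeholder UPN suffix
    ParentOU  = 'OU=Users,DC=example,DC=com'    # placeholder account creation location
}

# Name is not guaranteed unique across the directory, so collect every match.
$users = @(Get-ADUser -Filter "Name -eq '$($expected.Name)'" -Properties `
    whenCreated, PasswordNeverExpires, PasswordNotRequired, PasswordLastSet)

if ($users.Count -eq 0) {
    Write-Warning "No account named '$($expected.Name)' found. Check the Audit Log and any pending task."
    return
}
if ($users.Count -gt 1) {
    Write-Warning "$($users.Count) accounts share this name; review each row below."
}

$report = foreach ($u in $users) {
    # Parent container = DN with the leading RDN removed (split on the first unescaped comma).
    $parent = ($u.DistinguishedName -split '(?<!\\),', 2)[1]
    $suffix = ($u.UserPrincipalName -split '@')[-1]

    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        Created              = $u.whenCreated
        Enabled              = $u.Enabled
        LocationMatches      = $parent -eq $expected.ParentOU
        UpnSuffixMatches     = $suffix -eq $expected.UpnSuffix
        PasswordSet          = [bool]$u.PasswordLastSet      # False if no password has been set
        PasswordNeverExpires = $u.PasswordNeverExpires
        PasswordNotRequired  = $u.PasswordNotRequired        # should be False for a person's account
    }
}

$report | Format-List
```

A row where LocationMatches or UpnSuffixMatches is False, or PasswordNotRequired is True, means the account in Active Directory does not match what was requested and should be reviewed before it is handed over.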