You can add users manually or synchronize individual users from an Active Directory. Synchronizing users makes it easier to add and update individual users without having to wait for a full directory sync to complete. You must have a Gateway v5.0 or later to synchronize individual users from a directory.
Manually added users are managed locally in Identity as a Service. You can synchronize locally managed users to a directory provided they already exist in the directory (see the procedure, Synchronize Identity as a Service users to a directory).
Note: Before you begin, you should define the required custom user attributes. See Create and manage user attributes.
To add a user manually:
1. From the main menu, click Members > Users. The Users List page appears.
2. Click Add. The Add User page appears.
Note: If you have a directory synced to your Entrust Identity as a Service account, a drop-down list appears prompting you to Create a local user or Sync a user. If you do not have a directory synced to your account, you will not see the drop-down list. To add the user manually, select Create local user.
3. Under Personal Information, enter the attributes, as required.
● First Name
● Last Name
● User ID
● Email—The email address is used to send authenticator and account information emails.
● Mobile—The mobile device number is used to send SMS one-time passwords to the user. It can also be used to send VOICE one-time passwords to the user if the user does not have a phone number.
● Phone—The phone number is used to send a voice message of one-time passwords to the user.
● Security ID—This setting is required to use Smart Login with Microsoft Windows.
Note: Attributes flagged with an asterisk (*) are mandatory. By default, First Name, Last Name, Email, and User ID are set as mandatory. For information on changing them, see "Edit a system attribute" in the section Create and manage user attributes.
4. From the Language Preference drop-down list, select the language of the user.
Note: Selecting Account Default sets the user's language preference to the account language setting. The account language setting is defined under Theme. If the account language setting changes, the user's language also changes.
5. Under Permissions, do the following:
a. From the Select Group to add drop-down list, assign the user to the required group. You can add the user to more groups by selecting them, one at a time, from the drop-down list.
Note: If no groups are selected, the user is assigned to the All Identity as a Service Users group by default.
b. If applicable, from the Select Access Management Role to add drop-down list, select the access role assigned to the user for OAuth resource authorization. You can associate more Access Management Roles with the user by selecting them, one at a time, from the drop-down list. For more information, see Configure Role-Based Access Control (RBAC).
c. From the Select Role drop-down list, select the user role. The role determines which features the user can access in Entrust Identity as a Service. The default setting is No Role Assigned. For more information, see Create, assign, and manage roles.
6. If applicable, under Required Attributes, on the line below each required attribute, enter the value for the attribute. For more information on attributes, see Create and manage user attributes.
7. Under Optional User Attributes, add the details for the attribute. For example, if you add an optional user attribute called Alternate Email for OTP delivery, enter the alternate email address in the attribute field.
8. If you want to add unique attributes that apply only to this user (for example, the user has three mobile devices with different numbers and you want the OTP delivered to all three numbers), add the required attribute as follows:
a. Under Optional Attributes, click Add. The optional attribute dialog box appears.
b. Enter a Name for the attribute.
c. Enter a Value for the attribute, for example the mobile number for SMS OTP delivery.
d. Select Use this attribute for OTP delivery if you want the attribute to be used for OTP delivery by SMS, Voice, or Email.
e. If you select Use this attribute for OTP delivery, select the OTP delivery option (SMS, voice, or email) from the drop-down list.
f. Click OK.
9. Optional. Add Aliases to allow the user to log in using their User ID or an alias.
Note the following when adding aliases:
● All aliases must be unique in the system.
● An alias must not be the same as a User ID in the system.
● You can add up to 10 aliases.
Add an alias as follows:
a. Under Aliases, click Add. The Add Alias dialog box appears.
b. In the Add Alias field, enter the alias.
c. Click OK.
d. Repeat steps a to c to add another alias.
10. Click Save.
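The alias rules in step 9 (unique across the system, never equal to a User ID, at most 10 per user) are the constraints that keep an alias from becoming a second login handle for someone else's account. The following added example, which is not Entrust Identity as a Service code, checks a proposed set of aliases against a constructed user table using exactly those three rules. Case-insensitive comparison and whitespace trimming are assumptions; the page does not say how the service normalizes identifiers.

```python
# Added illustration of the alias rules stated in step 9: every alias is unique in
# the system, an alias never equals a User ID, and a user has at most 10 aliases.
# The user table below is constructed sample data, not Entrust's data model.

MAX_ALIASES = 10  # limit stated on the page


def _norm(identifier: str) -> str:
    # Assumption: identifiers are compared case-insensitively and without
    # surrounding whitespace. The page does not say how the service normalizes them.
    return identifier.strip().lower()


def validate_aliases(user_id: str, new_aliases: list[str],
                     users: dict[str, list[str]]) -> list[str]:
    """Check aliases proposed for `user_id` against the current user table.

    `users` maps each User ID to the list of aliases that user already has.
    Returns a list of human-readable violations; an empty list means every
    proposed alias may be added.
    """
    errors: list[str] = []
    all_user_ids = {_norm(u) for u in users}
    # Aliases held by other users; the user's own aliases are tracked in `seen`
    # so that re-adding one of them is reported as a duplicate.
    taken_by_others = {
        _norm(a) for uid, aliases in users.items() if uid != user_id for a in aliases
    }
    seen = {_norm(a) for a in users.get(user_id, [])}

    for alias in new_aliases:
        a = _norm(alias)
        if not a:
            errors.append("alias must not be empty")
            continue
        if a in all_user_ids:  # includes the user's own User ID
            errors.append(f"{alias!r} matches a User ID")
        if a in taken_by_others:
            errors.append(f"{alias!r} is already an alias of another user")
        if a in seen:
            errors.append(f"{alias!r} is a duplicate alias for {user_id}")
        seen.add(a)

    # Existing aliases plus distinct new ones must stay within the limit.
    if len(seen) > MAX_ALIASES:
        errors.append(f"{len(seen)} aliases exceeds the limit of {MAX_ALIASES}")
    return errors


# Constructed sample user table: User ID -> existing aliases.
SAMPLE_USERS = {
    "jsmith": ["john.smith"],
    "adoe": ["alice", "a.doe"],
}

if __name__ == "__main__":
    for proposed in (["jsmith2"], ["adoe"], ["Alice"], [f"a{i}" for i in range(10)]):
        print(proposed, "->", validate_aliases("jsmith", proposed, SAMPLE_USERS) or "ok")
```

Run the module directly to see each rule trigger once; the last case fails only because the user's one existing alias plus ten new ones exceeds the limit of 10.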
To synchronize an individual user from a directory:
1. From the main menu, click Members > Users. The Users List page appears.
2. Click Add. A drop-down list appears.
3. Select Sync from directory. The Sync User dialog box appears.
4. In the User ID field, enter the User ID of the user in the Active Directory.
Note: This value depends on the User ID Attribute Mapping that is configured in the directory configuration. See Manage directories.
5. Select the Directory from the drop-down list. This is the directory from which the user is synchronized.
6. Click Sync.
To synchronize Identity as a Service users to a directory:
1. From the main menu, click Members > Users. The Users List page appears.
2. Click the Sync icon next to the user you want to synchronize with a directory. The Sync User dialog box appears.
Note: To synchronize a user, the user must already exist in the directory.
3. Select the Directory from the drop-down list.
4. Click Sync. The user is synchronized with the directory.
Note: Depending on the User Desynchronization Policy of the directory, the user may be deleted upon being synchronized. See Manage directories for more information.