EXT (external) onboarding template description - create new user

Parameter

Description

Example value

Template name

input box

template name

Description

input box

description for better recognizing the template in the onboarding process

Onboard type

options:

  • EXT for sponsored onboarding
  • LDAP for onboarding of users already created in LDAP

EXT

Enrollment type

options:

  • SELF - template is used for sponsored onboarding invitation - invitation is created in the Selfservice/My invitations page
  • ON_BEHALF - template is used for enrollment on behalf - specific use case when new user is created by operators from another tenant
  • BOTH - template could be used for sponsored onboarding and for enrollment on behalf

SELF

Require email address within onboarding

Checkbox that controls whether the contact details necessary for a successful invitation are collected. The behaviour is partially driven by the enrollment type (see above):

  1. if enrollment type = SELF then email address is required within onboarding = true and it's inactive
  2. if enrollment type = ON_BEHALF then email address is required within onboarding = true and active and Authentication type + OTP address type are hidden
  3. if enrollment type = BOTH then email address is required within onboarding = true and it's active


Require phone number within onboarding

Checkbox that controls whether the contact details necessary for a successful invitation are collected. The behaviour is partially driven by the enrollment type (see above):

  1. if enrollment type = SELF then phone number is required within onboarding = false and it's active
  2. if enrollment type = ON_BEHALF then phone number is required within onboarding = false and active and Authentication type + OTP address type are hidden
  3. if enrollment type = BOTH then phone number is required within onboarding = false and it's active


Authentication type

options:

  • OTP - the verification will be done by OTP (user can use any of enrolled tokens)
  • CODE - the verification will be done using the code sent during onboarding

OTP

OTP Address type

options for how the OTP code is received during the onboarding process

  • SMS
  • EMAIL

SMS

Request expiration hours

Validity of the invitation ticket (in hours). After this time the invitation ticket expires and the user loses the opportunity to complete the onboarding process.

24

Set password

Checkbox - whether to create password within the onboarding process or not - in case of passwordless approach the password creation is not needed

-

External resource

LDAP resource where the users will be created during the onboarding process - available resources are defined within the Admin console and the Resources feature.

defined resource

Organization unit

The optional specification of the AD OU attribute

-

Maximum validity of the invitation in days

Validity of the onboarding itself (in days). The identity of the onboarded user expires after this period - the user won't be able to access the ANT ID system.

365 (for a year)

Allow adjustments of the maximum validity of the invitation in days

Possibility to edit validity within the creation of the invitation.

-

Username mask

mask for the user name - will be displayed as a placeholder on the invitation form.

  • Username must be unique throughout the tenant

ext-demo-pk

Username regex

regular expression for the mask value (has to start with ^ and end with $)

^ext-demo-[a-zA-Z]{2}$

Upn domain

LDAP domain

company_name

Upn type

User principal name (AD attribute) - must be unique within LDAP resource structure.

Options:

  • CUSTOM - completely editable within the invitation creation
  • USERNAME - will be prefilled with the username
  • NAME - will be prefilled with the first name and the last name
  • RANDOM - will be created as a random string (possible for the passwordless approach)

USERNAME

Upn display

Approach for the display of the UPN on the invitation form, options:

  • EDITABLE - UPN will be editable
  • HIDDEN - UPN won't be visible on the invitation form
  • READ_ONLY - will be visible but non-editable

HIDDEN

Cn type

Common name (AD attribute) - must be unique within LDAP resource structure.

Options:

  • CUSTOM - completely editable within the invitation creation
  • USERNAME - will be prefilled with the username
  • NAME - will be prefilled with the first name and the last name
  • RANDOM - will be created as a random string (possible for the passwordless approach)

USERNAME

Cn display

Approach for the display of the CN on the invitation form, options:

  • EDITABLE - CN will be editable
  • HIDDEN - CN won't be visible on the invitation form
  • READ_ONLY - will be visible but non-editable

HIDDEN

Can add groups

future attribute

-

Can create group

future attribute

-

Can choose groups

future attribute

-

Display invitation detail

The additional information - Display name - will be displayed on the invitation form (form will be simplified)

-
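
Added example (not part of the ANT ID product or its documentation): a pre-flight check that applies the rules from the table above to a template before it is saved, namely the allowed option values, the email requirement locked for SELF, the ^...$ anchoring of the username regex, and the mask matching that regex. The dictionary keys and function names are hypothetical; the sample template is constructed from the "Example value" column.

```python
import re

# Option sets transcribed from the tables on this page; the dict keys used for a
# template (onboard_type, username_regex, ...) are hypothetical names, not ANT ID's.
ENROLLMENT_TYPES = {"SELF", "ON_BEHALF", "BOTH"}
AUTH_TYPES = {"EXT": {"OTP", "CODE"}, "LDAP": {"OTP", "CODE", "LDAP"}}

# Constructed sample built from the "Example value" column of the first table.
EXAMPLE_TEMPLATE = {
    "onboard_type": "EXT", "enrollment_type": "SELF", "require_email": True,
    "authentication_type": "OTP", "otp_address_type": "SMS",
    "username_mask": "ext-demo-pk", "username_regex": "^ext-demo-[a-zA-Z]{2}$",
}

def username_allowed(pattern, candidate):
    """Whole-string match. fullmatch() also rejects a trailing newline, which
    Python's '$' would accept when used with re.match() or re.search()."""
    return re.fullmatch(pattern, candidate) is not None

def validate_template(t):
    """Return a list of findings; an empty list means the template is consistent."""
    findings = []
    onboard, enroll = t.get("onboard_type"), t.get("enrollment_type")
    if onboard not in AUTH_TYPES:
        findings.append(f"unknown onboard type: {onboard!r}")
    if enroll not in ENROLLMENT_TYPES:
        findings.append(f"unknown enrollment type: {enroll!r}")
    # SELF: "Require email address" is true and the checkbox is inactive (locked).
    if enroll == "SELF" and t.get("require_email") is not True:
        findings.append("SELF enrollment must require an email address")
    # ON_BEHALF hides Authentication type, so it is only checked otherwise.
    auth = t.get("authentication_type")
    if enroll != "ON_BEHALF" and auth not in AUTH_TYPES.get(onboard, set()):
        findings.append(f"authentication type {auth!r} not offered for {onboard}")
    if onboard == "EXT":  # username fields exist only in the create-new-user table
        regex, mask = t.get("username_regex", ""), t.get("username_mask", "")
        if not (regex.startswith("^") and regex.endswith("$")):
            findings.append("username regex must start with ^ and end with $")
        else:
            try:
                if not username_allowed(regex, mask):
                    findings.append("username mask does not match username regex")
            except re.error as exc:
                findings.append(f"username regex does not compile: {exc}")
    return findings

if __name__ == "__main__":
    print(validate_template(EXAMPLE_TEMPLATE))
```

Without the anchors, a pattern such as ext-demo-[a-zA-Z]{2} would be satisfied by any username that merely contains a matching substring, which is why the check treats a missing ^ or $ as a finding.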




EXT (external) onboarding template description - Import user from LDAP

Parameter

Description

Example value

Template name

input box

template name

Description

input box

description for better recognizing the template in the onboarding process

Onboard type

options:

  • EXT for sponsored onboarding
  • LDAP for onboarding of users already created in LDAP

LDAP

Enrollment type

options:

  • SELF - template is used for importing user from LDAP to ANT ID - see Operational console/Users/Add new user feature
  • ON_BEHALF - template is used for enrollment on behalf - specific use case when new user is created by operators from another tenant
  • BOTH - template could be used for sponsored onboarding and for enrollment on behalf

SELF

Require email address within onboarding

Checkbox that controls whether the contact details necessary for a successful invitation are collected. The behaviour is partially driven by the enrollment type (see above):

  1. if enrollment type = SELF then Require email address within onboarding = true and it's inactive
  2. if enrollment type = ON_BEHALF then Require email address within onboarding = true and active and Authentication type + OTP address type are hidden
  3. if enrollment type = BOTH then Require email address within onboarding = true and it's active


Require phone number within onboarding

Checkbox that controls whether the contact details necessary for a successful invitation are collected. The behaviour is partially driven by the enrollment type (see above):

  1. if enrollment type = SELF then Require phone number within onboarding = false and it's active
  2. if enrollment type = ON_BEHALF then Require phone number within onboarding = false and active and Authentication type + OTP address type are hidden
  3. if enrollment type = BOTH then Require phone number within onboarding = false and it's active


Authentication type

options:

  • OTP - the verification will be done by OTP (user can use any of enrolled tokens)
  • CODE - the verification will be done using the code sent during onboarding
  • LDAP - password - option only for LDAP type of onboarding

OTP

OTP Address type

options for how the OTP code is received during the onboarding process

  • SMS
  • EMAIL

SMS

External resource

LDAP resource where the users are created (to obtain stored information necessary for the onboarding process)

defined resource