Add users to Identity as a Service
Anyone with access to Identity as a Service is a user. The role assigned to the user determines the features they can access in Identity as a Service. See Create, assign, and manage roles and Set up your Identity as a Service account for more information.
Attention: When a new Identity as a Service account is created, a single user with the Super Administrator role is created for the account. The Super Administrator user can create more users and assign each of them a role that determines their level of access to Identity as a Service. To safeguard against complete account lockout, you should create another user for your new account with the Super Administrator role.
Before you add users to Identity as a Service
When you add users manually to your Identity as a Service account, you do the following:
- Enter their profile information
- Assign them to groups
- Select access management role items
- Select their role
- Assign custom user attributes, if applicable
- Assign user authenticators
- Configure user policies (registration, verification, and Magic Links)
How to add users
You can add users to Identity as a Service using one of the following methods:
- Add a user manually
- Sync a user from a directory
- Import users by synchronizing your Identity as a Service account with a directory (Trigger on-demand synchronization)
- Bulk import users (see Import users)
Manage individual users
Once you add a user, you can manage the following for that user from the User Details page:
- Profile—Update user profile information (see Edit, delete, unlock, and disable users and Add users).
- Authenticators—Manage user authenticators (see Manage authenticators).
- Risk-Based Authentication—Manage risk-based authentication (see Manage risk-based authenticator settings).
- Applications—Manage applications assigned to the user (see Manage applications).
- OIDC/OAuth Tokens—Manage OAuth tokens (see Manage OIDC and OAuth tokens).
- Audits—View user audit activity and download user audits (see View and export audit logs).
Topics in this section
Add users
You can add users manually or synchronize individual users from an Active Directory. Synchronizing users makes it easier to add and update individual users without having to wait for a full directory sync to complete. You must have a Gateway v5.0 or later to synchronize individual users from a directory.
Unlink users from an Active Directory
You can unlink individual users that are synchronized from a directory. This feature allows administrators to remove problem accounts that are no longer in Active Directory but are still synchronized in Identity as a Service. When you unlink a user, the user becomes a locally managed user in Identity as a Service. You must have a directory added to your Identity as a Service account to use this feature.
View, filter, and export user list
You can set the number of users listed on a page, filter your user list to display only users in an active, inactive, or locked state, and export your user list to a custom CSV file.
Edit, delete, unlock and disable users
You can delete users, modify user profiles, disable and enable users, and unlock users that are locked due to too many failed authentication attempts or inactivity.
Configure Magic Links for users
Magic Links allow unregistered users to bypass the need to enter their username and password to register their authenticators. When a Magic Link is configured for a user, the user receives an email with a Magic Link.
Require user verification
User verification requires a user to provide an administrator with a response from an OTP, grid card, token, or token push authentication. This feature allows administrators to verify the user based on their response to the authentication request.
Assign user authenticators
You can assign authenticators to users individually. To add and assign authenticators in bulk, see Bulk assign authenticators.
Configure External ID for users
Customer Identity and Access Management (CIAM) platforms often rely on directories or external identity providers that use their own unique user identifiers, such as UUIDs. While not visible to end users, these identifiers are required for integrations like OIDC, SAML, and SCIM to reliably identify users across customer-managed systems.