Add users to IDaaS

Anyone who can sign in to IDaaS is a user. The assigned role determines which features the user can access. See Create, assign, and manage roles and Set up your IDaaS account for more information.

Attention

When a new IDaaS account is created, one user is automatically assigned the Super Administrator role. The Super Administrator can create additional users and assign roles that control access to IDaaS. To prevent being locked out of the account, create at least one additional user with the Super Administrator role.

Before you add users to IDaaS

When you add users manually to your IDaaS account, you do the following:

• Enter their profile information
• Assign them to groups
• Select access management role items
• Select their role
• Assign custom user attributes, if applicable
• Assign user authenticators
• Configure user policies (registration, verification, and Magic Links)

How to add users

You can add users to IDaaS using one of the following methods:

• Add a user manually.
• Sync a user from a directory.
• Import users by synchronizing your IDaaS account with a directory.
• Bulk import users.

Manage individual users

Once you add a user, you can manage the following from the User Details page:

• Profile. Update user profile information (see Edit, delete, unlock, and disable users and Add users).
• Authenticators. Manage users authenticators (see Manage authenticators).
• Risk-Based Authentication. Manage risk-based authentication (see Manage risk-based authenticator settings).
• Applications. Manage applications assigned to the user (see Manage applications).
• OIDC/OAuth Tokens. Manage OAuth tokens (see Manage OIDC and OAuth tokens).
• Audits. View user audit activity and download user audits (see View and export audit logs).

Topics in this section

📄️Add users

You can add users in the following ways:

📄️Unlink users from an Active Directory

You can unlink individual users that are synchronized from a directory. This feature lets administrators remove problem accounts that no longer exist in Active Directory but are still synchronized with IDaaS. When a user is unlinked, the user becomes locally managed in IDaaS.

📄️View, filter, and export a user list

From the Users List page, you can do the following:

📄️Edit, delete, unlock and disable users

From the Users List page, you can do the following:

📄️Configure Magic Links for users

Magic Links allow unregistered users to bypass the need to enter their username and password to register their authenticators. When a Magic Link is configured for a user, the user receives an email with a Magic Link.

📄️User verification

User verification requires a user to provide an administrator with a response from an OTP, grid card, token, or token push authentication. This feature allows administrators to verify the user based on their response to the authentication request.

📄️Assign user authenticators

You can assign authenticators to a single user. To assign authenticators to many users at once, see Bulk assign authenticators.

📄️Configure an External ID for users

Customer Identity and Access Management (CIAM) platforms use directories or external identity providers to identify users with unique IDs, such as UUIDs. End users do not see these IDs, but integrations such as OIDC, SAML, and SCIM rely on them to consistently identify users across customer‑managed systems.