Adding Identities into IDM
Note
Required fields are indicated with a red Asterisk.
This section covers how to add Identities into the application. Identities is the generic term used to describe employees and non-employees (e.g. contractors, vendors etc.). Visitors can also be added (refer to Visitors for further information). Identities are essentially users of the system and are listed on the home page of the Identities tab.
Identities are added into the system in a variety of different ways including:
Manually: An authorized user is able to add a new Identity directly on the home page of the Identities tab.
Spreadsheet Upload: An authorized user is able to upload a spreadsheet of users via the uploads section within the identities tab.
IDM Importer: The IDM Importer Utility synchronizes Identities via an integration with a local SQL data source on an ongoing basis (details provided in a separate document).
Public API: Identities can be imported into the system via the public API (details provided in a separate document).
Adding Identities Manually (Employee and non Employee)
To add an Identity directly within the user interface navigate to the home page of the IDM tab and click the New button.
Select either Employee or Non Employee.
Enter the appropriate identity information on the Identity page and click the Next button to continue. Fields indicated below are enabled by default. You can enable or disable the user field types and add any user-defined fields in the IDM configuration section.
The Identity information is split into the following sections: Identity Type, Personal Information, Primary Email, Identity Information, Managers and Primary Phone.
Identity Type: Provide details for (if required)
Identity Type (Employee, Non Employee or Visitor, selected in the previous step)
Default Language (Required)
Personal Information: Provide details for (if required)
First Name (Required)
Last Name (Required)
Title Prefix
Professional Title
Title Suffix
Primary Email Address: Provide details for (if required)
Primary Email (Required)
Email Type (work or personal etc) (Required)
Identity Information: Provide details for (if required)
Note
The user must assign the new Identity to a Building and Company at minimum.
Company (Required)
Building Name (Required)
Department
Floor
Location
Employee Number
Identity Category
Start Date
Expiration Date
Managers: Provide details for (if required)
Manager 1
Manager 2
Manager 3
Primary Phone: Provide details for (if required)
Number
Extension
Phone Type
After the identity details have been completed, press the Next button (as detailed in the graphic above) to enter the Web User section.
The Web User page allows the user to enter a user name and password for the Identity, or they can select Invite Web User to Create Credentials. Checking this box will send an email to the new Identity with a link allowing them to create their own user name and password for the system.
Note
If SSO is enabled, this step is not required.
After the Web User details have been completed, press the Next button (as detailed in the graphic above) to enter the Picture section.
The Picture tab allows the administrator to take a photo (if connected to web camera) or upload a photo for the new Identity. Or select the Next button to move onto the Additional Details (if User Defined Fields are configured) or the Summary section.
If any User Defined Fields have been configured, they will appear on the Additional Details page. This page is skipped if no User Defined Fields are configured. Refer to the IDM User Defined Fields section for more information
Select the Next button to continue; Make sure the information on the Summary is correct and then click the Save button. The Prev button can be used to re-visit any sections that require changes or edits being made to them.
Once saved, the user is taken to the Identity Details page for the new Identity. The user is able to view and edit all existing data and is able to assign User Roles.
Please note that on the Identity Details page, there is a section called 'Citizenship Details' (provided it has been set to enabled in Screen Configuration) that does not appear in Add Identity. This contains the fields:
Is U.S. Citizen
Is Green Card Holder
Is Visa Holder
Visa Name
Country Of Citizenship
Citizenships
The Actions section at the bottom of the screen allows the administrator to Send Manage Credentials Request. This will send the identity an email, allowing them to update their login credentials for the application (this does not apply if SSO is enabled for this user). Users for whom sign on credentials have already been issued, will display Remove Web Access rather than Send Manage Credentials Request.
The Actions section also allows the user to terminate, or permanently delete the Identity. A terminated Identity can be un-terminated; once an Identity is deleted, their data is removed permanently. An Identity can also be suspended (and then Activated later).
Adding Identities via Spreadsheet Upload
Spreadsheet uploads provide great flexibility and ease of use without a complex integration, making this is an effective way to manage users. Spreadsheet Uploads can be used to add new Identities, or update existing Identities in the system.
Bulk upload of visitors via spreadsheet is also available from this section.
To upload users via a spreadsheet, Select the IDM Uploads button.
Click the New button to configure a new upload. Download a sample template of the CSV file.
The CSV template only contains the relevant column headings and a sample row of data (provided as an example). The column name lists which columns are optional.
Enter all the required information for all Identities into the spreadsheet (overwrite the sample data provided but leave the column headings as they are) and upload the CSV file.
Note
Employee Number is typically used as the unique identifier for all Identities. If Employee Number is not present, then Email Address is used. If the unique ID in the sheet matches an existing Identity in the system, their record will be updated, instead of a new record being created.
The User Interface will specify which Building and Company will be assigned to the new Identities. Select Override to change the Building and/or Company. The user will only be able to assign specific Buildings/Companies according to their User Role.
Additional Configuration Options:
Send New Employee Web User Invitations: By selecting this option, email invites are sent to all the new users uploaded in the spreadsheet, allowing them to set up their own login credentials.
Send Existing Employees Web User Updates: If the existing users were updated via upload, this option allows them to receive an email allowing them to create/update their login credentials. This can be used for example if the existing users were not sent the registration email when they were first added into the system.
Click the Save button to upload the file. The application displays File Received along with the number of records being uploaded and processed.
The user will see the results of their file upload. If there are errors, then any records with errors will not be uploaded. Records with no errors will still be successfully uploaded. A error file will be generated in an excel format. Open the download and the last column will display the error message, confirming the type of error for each of the records on the error file.
IDM User Roles
IDM provides a number of different User Roles, which define a set of access permissions to menus, screens, and options within the IDM tab.
Note
User Role configuration on the IDM Identities page only controls access to the IDM tab itself. User Roles for GUEST and CONNECT are configured on the relevant GUEST or CONNECT tab.
Note
It is also possible - provided your system has been configured to allow Automatic Role Assignment - to assign Roles automatically by Rules. Refer to Role Assignment Rules for more information.
The following IDM User Roles are available:
System Administrator: This role provides full access to all aspects of the IDM tab, including all items under the Configuration sub-menu.
Building Manager: Building Managers are able to view and manage users that are assigned to specific Buildings in IDM. Building Managers are also able to edit the Buildings assigned to them under IDM Configuration Building Management.
Security Manager: Security Managers are able to manage the Watchlist Identities in the buildings to which the Security Manager is assigned. Security Managers also receive an email if a visitor matches an identity on the Watchlist in their assigned Buildings (this function requires configuration in GUEST).
Tenant Manager: Tenant Managers are limited to adding/managing users for specific Companies and Buildings only. A Tenant Manager can add new users, however they can only assign the new user to the Companies and Buildings to which the Tenant Manager has been assigned. Tenant Managers do not have any access to any IDM Configuration options.
Report Viewer: Report Viewers are able to access the reports in IDM only.
Assigning a User Role via Edit Roles
To assign a user role, select the relevant user listed on the IDM home page and select Edit Roles on the right side of the screen.
Under Role Manager, select the roles you want to grant to the user and click the Save button. When users are granted any role, it is highlighted in green color and may also specify the Building assigned to the user if applicable.
Assigning a User Role: Line Manager and Manager Delegate
Each Identity can have up to three Identity Managers. These are assigned by entering the name of the desired Identity Manager into a Manager field in Add / Edit Identity.
A Identity Manager can assign themselves a Delegate. A Manager Delegate does not have the same access rights as the Identity Manager but is authorized to approve requests on the Identity Manager's behalf such as approving Visits, Access Requests and Credential Requests.
Note
Within IDM this will only affect 'Identity Expiration Notifications'.
To assign a Delegate, the Identity Manager signs in to the application and clicks on their Profile.
Scroll to the bottom of their Profile page and click the Edit Manager Delegate button.
Type in the name of the user you want to assign as a Delegate and click the Save button.
Manager Delegate will then appear to the right of the Identity Manager's profile beneath their own Identity Manager if one has been assigned.
Note
Nothing will appear on the Manager Delegate's profile to confirm they have been assigned the role. Only a Identity Manager can assign themselves a Manager Delegate and they can change or remove that Delegate in the same way. Active Manager Delegates are automatically added onto the mailing list for any Notifications assigned to the Identity Manager they are the delegate for.
User Registration and Login Process
Note
If Single Sign On (SSO) is used, the steps below are not required. Please contact your local IT Administrator for SSO login instructions.
As part of this process of adding a new Identity into the system, a user name and password can be entered manually, or an email can be sent to the user allowing them to create their own user name and password.
A sample registration email can be seen below. The new user will click the link in order to register (create a user name and password).
The user is able to register by clicking the link in the email.
Note
Please use your customer specific URL to log into the system. This guide uses https://training.symmetry.net/ as an example only.
Login Page
To log into the Application, go to https://training.symmetry.net/ (replace “training” with your own specific sub-domain) and enter your username and password.
To reset your password, click the Forgot your password? link on the login page and enter the required information.
Note
The images above are dependent on whether or not your system has been configured to Use Email Address As User Name. Refer to the Settings (Group settings) for further information.
An email is sent to the user with a link that allows them to reset their password.
Identity Expiration, Termination, Suspension and Deletion
Identities displayed on the IDM home page can expire automatically (on a specified date), or they can be manually Expired, Terminated, Suspended or Deleted.
Viewing Expired/Terminated/Suspended Identities
The status of each Identity is visible on the IDM Home page. Expired, Suspended or Terminated Identities appear in red and their status (TERMINATED/EXPIRED/SUSPENDED) appears on the right side of the page.
Note
Deleted Identities are completely removed from the system and are no longer visible.
Identities About to Expire
Identities that are scheduled to expire in the next 30 days will appear in an amber color on the screen. This is to visually flag that the person will expire in the near future, however they are still active.
Note
Identities that appear in an amber color are still active and will function normally until they expire.