User Onboarding and Management
Posted on March 27, 2020
Overview
An administrative guide to onboarding and managing users with TraitWare. (Requires Administrative Access)
Contents
- Adding Users to TraitWare
- Re/Sending Registration Email
- Registering a User in Person
- Enabling Application Access
- Resetting Failed Login Attempts
- Requiring Three Factors
- Registering a New Device
- Assigning Console Access (admin rights)
- Troubleshooting
Adding Users to TraitWare
- Users can be added manually, imported using CSV, or synced using Microsoft Entra GraphAPI
- To manually add a user, select Create User from the Users page
- Mobile Phone is not required
- Select Save Changes
- To Import Users, select the button on the Users page
- Paste users in the appropriate format and select Preview
- Select Submit Users if it looks correct
- For User Sync, you will need information from Microsoft Azure to complete this step.
- Once the information is entered, users will be synced over based on the allowed groups.
- If you are using Azure Graph API, you can choose to sync either all users in the Azure AD or only specific groups.
Re/Sending Registration Email
Group User Registration
An administrator can send Registration Emails to a pre-defined group of users in an organization. This function allows the administrator to register users group by group instead of sending out registration emails to all users in the organization.
Note: Users in multiple groups will only receive one registration email
Note: Activation emails will only be sent to users who have not registered or those with expired registrations.
- Select User Groups.
- Select Add/Remove Users.
- Select Send Activation Emails.
- Select Set Device Expiration to change the registration expiration. Default is 7 days. Select Send Emails to send registration emails to members of the group.
Individual User Registration
- If a new user requires a Registration Email, select the user and navigate to the Devices tab. If no device has been provisioned, select Reset Device. Under Additional Registration Actions, select Email Registration.
- You can also send to a different email than the one listed by choosing Email Registration to Alternate Email.
- To send Registration emails to all new users, select Pending Devices and then select Send Batch Emails.
- If you have users with missing or expired registration codes, use Batch Add Devices.
Registering a User in Person
- User Registration can be done in person.
- Navigate to the User to be added. Select User.
- Navigate to the Devices tab
- If there is no device, select Reset Device.
- Select QR Code Registration
- Scan Registration QR with user’s device.
Enabling Application Access
- Application access can be turned on individually, for all users by application, or by certain groups of users (only available through User Sync’s Group Mapping capability)
- To turn on access for an individual user, select them, navigate to the Applications tab, and toggle the application(s) you wish to give the user access to
Resetting Failed Login Attempts/Trait Reset
- A user's authentication attempt may fail if they enter the wrong PhotoAuth sequence, if their device traits have changed too much, or in some cases (particularly with Samsung) after a device update.
- Resetting Failed Login attempts will solve issues for a user who has forgotten a PhotoAuth sequence
- Resetting Session Traits will solve issues for a user who has traits which have changed too much (this may sometimes solve issues after a device update)
Requiring 3-Factor Authentication
- By default, only one type of authentication is required (biometric or PhotoAuth)
- If you desire a higher level of security, 3-Factor Authentication (biometric and PhotoAuth) may be turned on for users
- Note that this is recommended for admin users with higher levels of access
- 3-Factor can be applied to new or existing users
- Note: Randomize Photo Authentication is recommended for the highest security
Registering a New Device
- If a user loses or upgrades their device, the old device will need to be Deleted before you can Add a New Device
- Note that if they are using a temporary phone, this step will still need to be completed. Only one device can be assigned to a user for security purposes
- Once a new device is added, you will be able to Register the user
Assigning Console Access
- Console access should be provided to users who will be managing the console (applications, user sync, user management)
- This is your admin functionality for the console
- To allow Console Access, select the desired user and toggle TraitWare Customer Console Access