User Onboarding and Management

Posted on March 27, 2020

Overview

An administrative guide to onboarding and managing users with TraitWare. (Requires Administrative Access)

Contents

Adding Users to TraitWare

  • Users can be added manually, imported using CSV, or synced using Microsoft Entra GraphAPI
  • To manually add a user, select Create User from the Users page
  • Mobile Phone is not required
  • Select Save Changes
  • To Import Users, select the button on the Users page
  • Paste users in the appropriate format and select Preview
  • Select Submit Users if it looks correct
  • For User Sync, you will need information from Microsoft Azure complete this step.
  • Once the information is inputted, users will be synced over based on the allowed groups.
  • If you are using Azure Graph API, you can choose to sync all users in the Azure AD, or groups.

Re/Sending Registration Email

Group User Registration

If an administrator would like to send Registration Emails to a pre-defined group of users in an organization. This function allows the administrator to register all users within an organization group by group instead of sending out registration emails to all users.


Note: Users in multiple groups will only receive one registration email

Note: Activation emails will only be sent to users who have not registered or those with expired registrations.

  • Select User Groups.
  • Select Add/Remove Users.
  • Select Send Activation Emails.
  • Select Set Device Expiration to change the registration expiration. Default is 7 days. Select Send Emails to send registration emails to members of the group.

Individual User Registration

  • If a new user requires a Registration Email, select the user and navigate to the Devices tab. If no device has been provisioned, select Reset Device. Under Additional Registration Actions, select Email Registration.
  • You can also send to a different email than the one listed by choosing Email Registration to Alternate Email.
  • To send Registration emails to all new users, select Pending Devices and then select Send Batch Emails.
  • If you have users with missing or expired registration codes, Batch Add Devices.

Registering a User in Person

  • User Registration can be done in Person.
  • Navigate to the User to be added. Select User.
  • Navigate to the Devices tab
  • If there is no device, select Reset Device.
  • Select QR Code Registration
  • Scan Registration QR with user’s device.

Enabling Application Access

  • Application access can be turned on individually, for all users by application, or by certain groups of users (only available through User Sync’s Group Mapping capability)
  • To turn on access for an individual user, select them, navigate to the Applications tab, and toggle the application(s) you wish to give the user access to

Resetting Failed Login Attempts/Trait Reset

  • A user may get a failed authentication attempt by entering the wrong PhotoAuth sequence, if their device traits have changed too much, or in some cases (particularly with Samsung) on device update.
  • Resetting Failed Login attempts will solve issues for a user who has forgotten a PhotoAuth sequence
  • Resetting Session Traits will solve issues for a user who has traits which have changed too much (this may sometimes solve issues after a device update)

Requiring 3-Factor Authentication

  • By default, only one type of authentication is required (biometric or PhotoAuth)
  • If you desire a higher level of security, 3-Factor Authentication (biometric and PhotoAuth) may be turned on for users
  • Note that this is recommended for admin users with higher accesses
  • 3-Factor can be applied to new or existing users
  • **Randomize Photo Authentication is recommended for highest security measures

Registering a New Device

  • If a user loses or upgrades their device, the old device will need to be Deleted before you can Add a New Device
  • Note that if they are using a temporary phone, this step will still need to be completed. Only one device can be assigned to a user for security purposes
  • Once a new device is added, you will be able to Register the user

Assigning Console Access

  • Console access should be provided to users who will be managing the console (applications, user sync, user management)
  • This is your admin functionality for the console
  • To allow Console Access, select the desired user and toggle TraitWare Customer Console Access