RapidIdentity Product Guide

Delegations

Delegations are groups that are set up to include various users in one section. They can be created to include various groups that share the same attributes or customized to include a set of groups with different attributes, as assigned by an administrator to suit the organization's needs.


The following default delegations, as well as any other delegations created by an administrator, are displayed in the left menu. These can be modified by the organization to align with business or technical needs, including removing them altogether if necessary.

Each delegation allows its users to be viewed in a list or grid, and any information available on a user is accessible by clicking the Details button. The user's information displays as configured by the administrator. This can include the user's email address, department name, phone number, and the user's photo.

Users with permissions can perform the following actions for users in a selected delegation:

Action

Description

Password.png

This icon allows the password to be changed to a new password that must follow the organization's password policy.

Additionally, a box can be checked to have the user change their password at their next login.

Challenge_Responses.png

Reset Challenge Responses is a self-service feature built into the RapidIdentity Portal Profiles Module allowing users to update their responses to challenge questions required to reset their passwords. Depending on how the RapidIdentity Portal Administrator has defined this action, it may be necessary to answer a minimum number of the possible questions shown.

It is also possible for administrators to allow users to define their own challenge questions and answers. If this option is available, click the green plus sign and then enter a unique question and answer. To discard this action, click the Minus icon (not shown).

Note

For MY type delegations that a user sets for themselves, the user sets up challenge questions based on their currently assigned Challenge Policy Requirements.

For CUSTOM type delegations that a user sets up for someone else, the action simply invalidates any previous challenge questions for the target user. Depending on the target user's Challenge Policy, they may be required to set up challenge questions at next login.

Enable.png

This will enable all selected profiles by ensuring the user has access to their RapidIdentity account.

Disable.png

This will disable all selected profiles. This prevents access to the user's RapidIdentity account.

Unlock.png

This will unlock all selected profiles in the event a user gets locked out (e.g. too many attempted logins).

Export.png

Allows the list of users to be exported. Selecting this option will download all selected profiles as a CSV file.

Print.png

This will print the list of users. Selecting this option will take the user to the print screen that allows various options to be configured for the print job being performed.

QR_Code.png
Insecure_QR_Code.jpg
Secure_QR_Code.jpg

This generates a QR Code for selected users. There are two types of QR Codes that a user with permissions can generate:

  • Secure: Generates a QR Code that is based on the user's username and password. Secure QR Codes eliminate the need for a user to enter their username and password.

  • Insecure: Generates a QR Code that is based on the user's username only. Insecure QR Codes eliminate the need for a user to enter their username.

TOTP.png

This will reset the TOTP secret for all of the selected profiles. The user will be required to enter and confirm their new password to gain access.

Reset_Picto.png

This will reset the Pictograph choices for all of the selected profiles. The user will be presented with the initial selection screen on their next login to register up to three Pictographs, depending on the configuration based on the Pictograph authentication policy of the organization.

Delete_FIDO.png

This allows the FIDO key to be disabled in the event of being lost, damaged, or stolen.

Manage_FIDO.png

This allows a new FIDO key to be reassigned to a user who no longer has theirs in their possession or whose key is no longer in service.

Delete_Mobile_Device.jpg

If a Mobile Device has already been enrolled, use this option to delete it from the user's account.

Enroll_Mobile_Device.jpg

Click this option to enroll a Mobile Device for the user to be used for authentication methods such as PingMe.

Update_Mobile_Device.jpg

This allows users to update the configuration for the mobile devices associated with their account.

If more action options are available to the user with permissions, they can be accessed by clicking the three dots at the end of the displayed actions.

Another action that can be taken by a user with permissions is to edit a user's profile by clicking Details at the end of the user's row and then clicking Edit Profile to make necessary changes. Once finalized, click Save. Changes saved are automatically updated in the organization's directory service.


Note

The attributes that are listed are dependent upon the administrator allowing that attribute to be editable.

Other Profiles

The Other Profiles delegation allows users with administrative privileges to administer any account visible to RapidIdentity Portal to the level decided by the RapidIdentity Portal Administrator. Its functionality for applying actions to users is identical to that of My Team Profiles. Users having access to this delegation can also print or export their results.

Depending on the configuration, users may have the ability to Edit Profile, Change Challenge Responses, Enable, Disable, and Unlock. The RapidIdentity Portal Administrator can determine if users can Print or Export data.

Any delegation can be configured to preload all results by checking the box located in the Details section of each delegation.

To find the desired account to administer, enter the User's Login ID, Last Name, First Name or Email Address into the search bar and click Search. If the asterisk (*) is entered into the search bar, upon clicking "Enter" or "Search," all users that match the Source Attribute ACL LDAP filter will populate.

Click the Details hover button in the right column to view or edit a user's account as allowed by the current configuration.

My Team Profiles

The People module's My Team Profiles delegation allows managers and team leaders to view and maintain the access of their team members and direct reports. Managers and team leaders have the following options.

Note

If you are using Identity Bridge to connect to Active Directory, the Disable, Enable, or Change Password actions will have 1 minute of lag time between when you disable the account and when the settings take effect in RapidIdentity and other related programs. This is due to the Identity Bridge sync process happening at least every 1 minute.

For on-premise RapidIdentity installations, these actions will be instantaneous.

  1. Change Password

  2. Reset Challenge Responses

  3. Enable, Disable, or Unlock an account

  4. Other People Actions as defined by a system administrator

For users that do not have direct reports or team members, the My Team Profiles will not display any team members; consequently, the options described immediately above will not be available.

The Profile Actions allow users with direct reports to take action on them. Administrators determine which action (e.g. Change Password, Disable) a user with direct reports can take.

Finally, users with direct reports can choose to export their search results to a CSV file by clicking Export results or print their results by clicking Print.

Whitepages

The Whitepages delegation allows users to explore the organization directory and obtain predetermined demographic information. Configuration determines whether Whitepages pre-loads all information automatically. If pre-load does not occur automatically, the message "Search above to see results" displays until a user does a specific or wildcard search.

Users can search the Whitepages by entering any of the pre-configured attributes displayed (i.e. Last Name, First Name, User ID, etc.) into the Search bar and pressing Enter or clicking Search. Users with permissions may also edit user attributes.

Note

The system does not automatically do partial matching. If a partial search is desired, the wildcard character (asterisk, *, used alone) must be entered to denote it.

To return all, add an asterisk to the inquiry.

The list of results displays in the center of the screen and can be filtered by first name, last name, email, or username.

Once a user is selected, the right side of the interface displays the visible demographic information.
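The search behavior described for Other Profiles and Whitepages (exact match by default, an asterisk for partial matches, a lone asterisk returning everyone the ACL LDAP filter allows) can be sketched as a filter builder that keeps user input from altering the filter structure. This is an added example, not RapidIdentity code; the attribute names, the sample ACL filter and the function names are assumptions.

```python
import re

# Assumed mapping of the page's search fields (Login ID, Last Name,
# First Name, Email Address) to standard LDAP attribute names.
SEARCH_ATTRS = ("uid", "sn", "givenName", "mail")

# RFC 4515 escapes for characters that would otherwise change filter structure.
# The asterisk is deliberately left out: it is the user-facing wildcard.
_ESCAPES = {"\\": r"\5c", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_term(term):
    """Escape filter metacharacters in a search term, keeping '*' as wildcard."""
    return "".join(_ESCAPES.get(ch, ch) for ch in term)


def build_filter(term, acl_filter):
    """Combine a user search term with the delegation's scoping filter.

    - 'smith'  -> exact match only (no automatic partial matching)
    - 'smi*'   -> partial match, because the user supplied the wildcard
    - '*'      -> everyone the ACL filter allows, and nobody else
    """
    term = term.strip()
    if not term:
        raise ValueError("empty search term")
    if term.strip("*") == "":
        return acl_filter
    value = re.sub(r"\*+", "*", escape_term(term))  # collapse runs of '*'
    alternatives = "".join(f"({attr}={value})" for attr in SEARCH_ATTRS)
    # The ACL filter is always AND-ed in, so a search never widens the scope.
    return f"(&{acl_filter}(|{alternatives}))"


# Constructed sample scoping filter, standing in for a delegation's ACL filter.
SAMPLE_ACL = "(&(objectClass=person)(ou=Staff))"

if __name__ == "__main__":
    for query in ("smith", "smi*", "*", "x)(uid=*"):
        print(f"{query!r:12} -> {build_filter(query, SAMPLE_ACL)}")
```
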

Sponsored Accounts

The RapidIdentity People Module Sponsored Accounts interface is a system an organization's Sponsors can use to manage special user account life cycles.

A special user account is an account that must be managed outside of an authoritative system (e.g. HRMS).

Common Sponsored accounts can include contractors, interns, visitors, and volunteers.

Sponsors have five management privileges that show up in the Action bar once a sponsored account is selected.

  1. Edit accounts

  2. Transfer accounts to another Sponsor

  3. Expire accounts

  4. Certify accounts (extend the expiration)

  5. Delete accounts

If a user is a Sponsor's manager, the user can perform Sponsor account actions for any of their sponsored accounts.

Administrators can also designate a group of users as Sponsorship Module Administrators.

Once sponsored accounts are set up, an administrator will still need to create an additional Delegation for managing certain aspects of sponsored accounts. For example, the Sponsored Account delegation does not provide an action to reset a sponsored user's password. Create a delegation that displays sponsored accounts in order to provide that level of functionality.