Enrollment
Enrollment is a process that allows a user to register with the MAYI ID system and use the services associated with the Selfservice portal or the Credentials Reset application. The enrollment process consists of several steps in which contact or other information is collected and basic authentication methods are registered to verify the user's identity.
If you are an admin looking for ways to configure enrollment (admin permissions required to view):
• Configure auth. methods to use in enrollment - Authentication methods in TAC / Authentications
• Create different profiles and user groups - Enrollment profiles in TAC / User management
• Define who can invite who - Invitation templates
• Customise GUI and behaviour of enrollment app - Enrollment application configuration in TAC / Applications
• Enroll users from external resources, e.g. LDAP or Azure - Autoenrollment in Admin console
• Configure how a user can enroll other users - "On behalf" enrollment
Use case
- Each new user can configure access to the MAYI ID system by filling in contact details and enabling the authentication tokens required by the admin
- Enrollment is a mandatory prerequisite for each user
- Once enrolled, the user is ready to access and use the MAYI ID applications
Enrollment steps
The enrollment process consists of several steps in which contact or other information is collected and basic authentication methods are registered to verify the user's identity.
Steps in enrollment can differ depending on company policy, and are customisable by admin.
- Invitation email
  The user receives an invitation email (from an admin or another user with invitation rights). The email should contain a link to enrollment and a username to use for sign-in.
- Username + one-time password
  When opening the link, the user also receives a one-time password (OTP), either as a second email or as an SMS to the mobile phone, depending on configuration, for accessing the enrollment steps. The username is asked for first, then the OTP. Once the user is signed in to the enrollment, further steps follow.
- Contact information
  Once signed in, the user is asked to provide contact information used for verification in cases such as Emergency access.
- Authentication methods (tokens)
  The user is asked to set up one or more authentication tokens, which usually take the form of mobile authenticator applications. The admin may require you to set up more than one authenticator.
  Android: MAYI ID authenticator (our own in-house built app), Aegis Authenticator (free, open source, Android only), Google Authenticator, Microsoft Authenticator
  iOS: MAYI ID authenticator (our own in-house built app), Passwords (native to iOS), Google Authenticator, Microsoft Authenticator
- Passkey
  The user might be asked to set up yet another authentication method, called Passkey. More about the Passkey method here.
  Android, iOS: How to set up passkeys with your existing iOS devices
- Verification questions
  The user might also be asked to create answers to a set of questions defined by the admin. More about them here.
- Summary
  The user can review all the previous enrollment steps in a single view, which can also alert the user to any missing required steps.
- Enrollment completed
  The user has completed the enrollment and is ready to sign in to the Selfservice, Vault or Certificates. For signing in, the user can choose any of the available methods (tokens) that were just enrolled. The admin sees the user with the status Enrolled.
Types of enrollment
The enrollment process type documented above is called Self enrollment.
There are other types of enrollment for specific scenarios, used only by admins.
- Self enrollment - The enrollment process type documented above; the user can completely enroll by himself/herself.
- Operator - Admin can allow users to be enrolled by other existing users (also called on-behalf).
- Auto enrollment - Admin can configure external resource