Users General Information


The Users page contains the list of users and displays all enrolled users of a specific tenant. Also, the list of partially enrolled users (where the enrollment was started but for some reason is still not finished) can be displayed.

Available actions for users with appropriate privileges:

Display user detail

[ click on the row ]

Display user detail allows the operator to display all details needed for the overall view of each user.

Add new user

Onboarding invitational process where an operator can invite a user to ANT ID in two ways:

  1. create an invitation and send it to a user - for users already created in the tenant's LDAP - enrollment will be done by the user himself
  2. create an invitation, create a user and possibly enroll the user (even to a different tenant) - enrollment will be done by an operator on behalf of the user - see Complete enrollment

Display partially enrolled users

By default, fully registered users are displayed. By changing the box, it is then possible to display only partially registered users, i.e. users whose registration has been started but for some reason has not been completed, or who have been unregistered by the operator. For such users it is possible to use the Complete enrollment function - see below.

Search

Search for the specific user by using the username, first name or last name.

Complete enrollment

The feature is available only for partially enrolled users - an operator can use it to finish the user's enrollment on behalf of the user. In specific cases, it is also possible for the operator from one tenant to enroll the user to another tenant (in case the operator has all requested permissions and privileges defined on the target tenant side).

Create emergency access

Emergency access

Emergency access is a feature that allows an operator to generate a special one-time password (OTP) for a user who has lost all means of authentication using a second factor - for example, a lost mobile phone. The OTP generated in this way has a limited validity and gives the user the possibility to log in to the application and perform the necessary actions to register new second-factor authentication methods (for example, registration of new tokens on a new mobile phone, etc.). An emergency access code can also be used as an approval method.

Note: The emergency code can be used to log in as a replacement for a standard OTP or as part of the approval process. Its validity is defined based on a template, BUT this code is deactivated when any of the following operations are performed:

  • when the OTP address in the token changes (virtual, SMS, email)
  • the new token is enrolled
  • the token is activated

Show magic questions

Display the user's magic questions and answers.

Authenticate user

User authentication

The user authentication feature is used by operators to verify the identity of the caller. It consists of sending a specifically generated OTP in a chosen way (for example to a mobile phone) and verifying it in return during communication with the caller. If the OTP communicated by the user is correct, it can be assumed that the caller is who they claim to be.

Unlock user

A feature used by an operator to unlock a user account locked in the ANT ID - OTP Auth application. Users can be locked due to multiple wrong password inputs.

Synchronize user

A feature used by an operator to immediately update a user from an external resource (first name, last name, status, etc.).

Enable / Disable user

A feature used by an operator to enable disabled users or to disable active users in AD.

Un-enroll user

The Un-enroll user feature allows an operator to delete an enrolled user from the system in case of any problems with user configurations. During the deletion, all user data and enrolled tokens are removed from the database and relevant storage. The user receives an email with information about the link to make a new enrollment.

Delete user

Permanently delete the user from the system and from the source LDAP as well - depending on the admin's configuration.

Reorder and Hide Table Columns

Simple interface for column organisation.


Invite new user - Import user from LDAP

1

Open the Users option in the Operational Console menu.

2

A list of the tenant's users will be displayed.

3

Press the INVITE NEW USER button.

4

The modal window with the list of onboarding templates will be displayed.

5

Select the Import existing user choice, choose the template from the list and press the button NEXT.

  • Note: The templates are configured in the IGA - Governance console by the user with a specific privilege

6

Insert the username of the new user and press the NEXT button.

  • Note: As the invitation is based on LDAP, the username must exist in LDAP; otherwise, the invitation will be stopped with the "User does not exist" message.

7

A modal window with the details of the user will be displayed. Check the email address for the invitation and press the SEND INVITATION button.

  • if the user is already enrolled, a message is displayed - the user with the specified username should be visible in the list of users
  • if the user is already in the onboarding process (an invitation is already created) - the new onboarding is rejected, or the previous invitation can be deleted and the user can be onboarded with a new invitation

8

An invitation email will be sent to the specified email address so the user can start the onboarding process.


Invite new user - Create a new user

1

Switch to the relevant Tenant, and open the Users option in the Operational Console menu.

2

A list of the tenant's users will be displayed.

3

Press the INVITE NEW USER button.

4

The modal window with the list of onboarding templates will be displayed.

  • Note: In this selection, only EXT type invitation templates are listed - see the Invitation configuration page for more details.

5

Select the Select new user choice, choose the template from the list and press the button NEXT.

  • Note: The templates are configured in the IGA - Governance console by the user with a specific privilege - see the Invitation configuration page for more details.

6

The invitation form will be displayed.

  • Note: The scope of the invitation form is defined on the template level - see the Invitation configuration page for more details.

7

Fill in the requested information. The invitation process ends with one of the following variants, depending on the configuration and the operator's permissions and privileges:

8

Variant A - operator has:

  1. relevant permissions for the enrollment profile (configured in the Admin console)
  2. privilege to enroll the user for the selected tenant (configured in the Admin console)
  3. the enrollment type on the invitation is set as ON_BEHALF 

so the CONTINUE button will create a user in LDAP and also in the ANT ID database and start the enrollment on behalf process.

9

Variant B - operator has only:

  1. privilege to enroll the user for the selected tenant (configured in the Admin console)
  2. the enrollment type on the invitation is set as ON_BEHALF 

but doesn't have permission for any enrollment profile, so the CONFIRM button will create a user in LDAP and in the ANT ID database - the user will be available in the list of users as partially enrolled.


Enroll new user - Enrollment on behalf

1

This function can be run as a part of the invitation process (see above - Invite new user - Create a new user) OR as a stand-alone feature from the Users list in the Operational Console - open the Users menu option in the Operational Console menu, switch to Partially enrolled users and use the Complete enrollment menu option from the context menu.

2

The first step of the enrollment on-behalf form will be displayed.

  • Note: The content of the form is defined on the administrator level.

3

Fill in all mandatory fields and press the CONTINUE button.

4

The second step of the enrollment on-behalf form is displayed. This step contains the enrollment of tokens. Press the ADD NEW TOKEN button to select which type of token should be enrolled - see the token enrollment help page.

  • Note: The types of tokens that can be enrolled are defined on the administrator level.

5

Enroll the required number of tokens and press the ENROLL USER button.

6

The user is enrolled in ANT ID and capable of logging in using the enrolled token.


The configuration of the enrollment profile is done in the Admin console on the Enrollment configuration menu option - see the Enrollment configuration documentation page.


Display user detail

1

Open the Users menu option in the Operational Console menu.

2

A list of the tenant's users will be displayed.

3

Search for the desired user - you can use the Search function - and click on the selected row.

  • Note: Search is possible by username, first name or last name

4

The drawer with the details of the user will be displayed on the right side of the screen - for detailed help please visit the User detail help page


Create emergency access

1

Open the Users menu option in the Operational Console menu.

2

A list of the tenant's users will be displayed.

3

Search for the desired user - you can use the Search function - and click on the selected row.

  • Note: Search is possible by username, first name or last name

4

Press the CREATE EMERGENCY ACCESS button for the chosen user from the context menu.

5

Select the template according to which the emergency access OTP is to be created and press the GENERATE button.

  • depending on the chosen template, the validity in hours or the max usage count will be displayed.
  • note: the naming of templates depends on the setup of each tenant
  • note: The emergency code can be used to log in as a replacement for a standard OTP or as part of the approval process. Its validity is defined based on a template, BUT this code is deactivated when any of the following operations are performed:
    • when the OTP address in the token changes (virtual, SMS, email)
    • the new token is enrolled
    • the token is activated

6

The OTP will be generated hidden, but by using the HIDE button its value can be displayed.

7

The COPY-TO-CLIPBOARD button will then copy the OTP to the clipboard. Also, the expiration date will be displayed.


The code can also be viewed in the NATO phonetic transcription for better communication with the users - use the transcription button to display it.

8

If you want to generate the code again, you can replace the template and repeat the whole process again.
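
The lifecycle described for the emergency code (validity taken from a template, deactivation on token operations) can be modelled as follows. This is an added illustration, not ANT ID code: the event names, the 8-character code format and the combination of both an hour limit and a usage limit in one record are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical names for the three token operations that deactivate the code.
REVOKING_EVENTS = {"otp_address_changed", "token_enrolled", "token_activated"}


@dataclass
class EmergencyCode:
    digest: bytes          # only a hash of the code is kept server-side
    expires_at: datetime   # validity in hours, taken from the template
    uses_left: int         # max usage count, taken from the template
    active: bool = True


def issue(valid_hours, max_uses, now):
    """Return (plaintext code for the operator to read out, stored record)."""
    code = secrets.token_hex(4)  # constructed format: 8 hex characters
    digest = hashlib.sha256(code.encode()).digest()
    return code, EmergencyCode(digest, now + timedelta(hours=valid_hours), max_uses)


def on_token_event(record, event):
    """Deactivate the outstanding code when a revoking token operation occurs."""
    if event in REVOKING_EVENTS:
        record.active = False


def verify(record, candidate, now):
    """Accept only an active, unexpired code with uses left (constant-time compare)."""
    if not record.active or now >= record.expires_at or record.uses_left <= 0:
        return False
    candidate_digest = hashlib.sha256(candidate.encode()).digest()
    ok = hmac.compare_digest(record.digest, candidate_digest)
    if ok:
        record.uses_left -= 1  # each successful use consumes one of the allowed uses
    return ok
```
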


Show Magic questions and answers

1

Open the Users menu option in the Operational Console menu

2

A list of the tenant's users will be displayed.

3

Search for the desired user - you can use the Search function - and click on the selected row.

  • Note: Search is possible by username, first name or last name

4

Press the SHOW MAGIC QUESTIONS button for the chosen user from the context menu.

5

The list of user's magic questions and answers will be displayed.

6

Press and hold the EYE button for the chosen question. The eye icon will change and the saved answer will be displayed.


Authenticate user

1

Open the Users menu option in the Operational Console menu.

2

A list of the tenant's users will be displayed.

3

Search for the desired user - you can use the Search function - and click on the selected row.

  • Note: Search is possible by username, first name or last name

4

Press the AUTHENTICATE USER button for the chosen user from the context menu.

5

Select how the OTP is to be delivered and press the NEXT button.

  • Note: The list of methods is based on contact details filled within the Enrollment process or in the Contact details feature - the feature doesn't use the user's tokens but only contact details like a mobile phone number or email address

6

The system will send the OTP to the user in the selected way.

7

Request the delivered OTP from the user, enter it in the OTP field and press the CONFIRM button.

8

If the entered OTP is correct the system will display a message about successful authentication of the user.

8

If the entered OTP is not correct, the user is not authenticated. Authentication could be done repeatedly.


Unlock user

1

Press the UNLOCK USER button for the chosen user from the context menu.

2

The application will call the ANT ID - OTP Auth app and reset the number of failed attempts so the user can try to log in again.


Synchronize user

1

Press the SYNCHRONIZE USER button for the chosen user from the context menu.

2

The application will call an external AD database, fetch user data (name, surname, status...) and refresh stored data.


Enable / Disable user

1

Press the ENABLE USER button or the DISABLE USER button for the chosen user from the context menu.

  • Note: The Enable user feature is available for disabled users and the Disable user feature is available only for active users

2a

For Disable user: the user will be disabled in resource AD - the Enabled status will be set to NO.

  • Note: A disabled user is forbidden to log in.

2b

For Enable user: the user will be enabled in resource AD - the Enabled status will be set to YES.


Un-enroll user

1

Open the Users menu option in the Operational Console menu

2

A list of the tenant's users will be displayed.

3

Search for the desired user - you can use the Search function - and click on the selected row.

  • Note: Search is possible by username, first name or last name

4

Press the RE-ENROLL USER button for the chosen user from the context menu.

  • The application removes all user details from the system and at the same time all registered tokens from the management systems.
  • The user receives an email with information about the link to make a new enrollment

5

Confirm the modal confirmation window by pressing the UNENROLL button.

  • Note: Part of the unenroll process is to send an email to the unenrolled user so the user can start the enrollment process again.

6

A list of users will be displayed where the unenrolled user won't be displayed.


Delete user

1

Open the Users option in the Operational Console menu.

2

A list of the tenant's users will be displayed.

3

Search for the desired user - you can use the Search function - and click on the selected row.

  • Note: Search is possible by username, first name or last name

4

Press the DELETE USER button for the chosen user and confirm the deletion.

  • The application removes all user details from the database and at the same time all registered tokens from the management systems and LDAP system.

5

Confirm the modal confirmation window by pressing the DELETE USER button.

  • Note: The user can be deleted only from the ANT ID database or even from LDAP - the level of deletion is configured by the administrator.

6

A list of users will be displayed where the removed user won't be displayed.


Reorder and Hide Table Columns

A simple interface is shown; you can rearrange the order of columns to your liking by dragging them by the icon with two horizontal lines.

You can also hide or show columns with the checkbox.