Non-corporate workforce

A non-corporate workforce are transitional employees and those with limited access to applications. A transitional workforce has a high turnover with constant individual or group onboarding and offboarding of user identities. A workforce with limited access are those who only access a few applications, like open enrollment for insurance benefits.

Both types of employees are permanent, yet they are excellent candidates to include in an identity store. The key benefit is allowing non-IT personnel the tools to manage user identities in a privacy-based lightweight data store. Employees get secure access to applications, while your organization saves time and money:

  • When transitional employees give notice, the manager can set user identities to automatically expire on the last day of employment. This frees IT to perform other administrative tasks.

  • For limited access employees who rarely log in and forget their passwords, your organization saves money with fewer help desk calls by using the Identity Platform automated password reset page.

Workflow example

Use the SecureAuth Identity Store to manage transitional and limited access employees, while delegating their management and saving money for your organization.

Add transitional workforce user identities

Add transitional employees to groups to control access to applications in your organization.

Example: You have 150 permanent part-time movie concession workers, and need to manage their identities and required applications. In this scenario, concession workers include snack servers, bartenders, baristas, cashiers, and ushers.

Do a bulk upload of the user identities to the identity store. Add them to a group named ConcessionWorkers and set their group membership to "Never expire".

Group membership for managers

The concession workers report to different managers, leads, and supervisors, who are permanent employees. To manage frequent concession worker turnover, give managers access to the identity store.

Example: Creating a group for managers in this scenario is the most efficient way for them to manage the ConcessionWorkers group.

Create the ConcessionManagers group and add the managers, leads, and supervisors to this group.

In the ConcessionManagers group, add the Group ConcessionWorkers dynamic privilege. This gives managers privileges to manage user identities in the ConcessionWorkers group.


Each time you create a new group, it automatically creates a dynamic privilege in this name format: Group <name of group> dynamic privilege.

For example, the ConcessionWorkers group has a dynamic privilege named: Group ConcessionWorkers dynamic privilege.

Access to applications

Give concession workers access to applications in your organization.

Example: User identities added to the ConcessionWorkers group need access to cash registers, kiosks, and hand held ticket scanners.

In the Identity Platform, add the identity store that contains the ConcessionWorkers group to a user authentication policy.

Manage transitional workers

When concession workers give notice, set their employment ending date in the ConcessionWorkers group to withdraw access to applications.

Example: Managers go into the identity store and adjust the employment end date for concession workers in the ConcessionWorkers group. All access to applications for concession workers automatically expire on their employment end date.

Manage limited access workers

Managing a group of employees with limited access is similar to transitional workers, but differs in a few ways:

  • Limited access employees have a lower turnover rate, so managers rarely access the SecureAuth Identity Store to change their employment end date.

  • Limited access employees rarely log in and might forget their password. They need help resetting their password.

    • In the Identity Platform, add the identity store that contains the group of limited access employees and give them access to the Password Reset self-service page.