The Identity Management (IdM) tool contains the Create User function to add new users. As an administrator, you can add new users in the enterprise directory and in the Identity Platform environment.
- Data store with service account write privileges to add users
- A realm for the Create User function with the following tabs configured before setting up the Post Authentication tab:
Data store limitations
Note the following issues for certain data stores on the Create User page.
- Create user with group is not supported (you can still create a user without groups) in Azure AD cloud and Oracle DB
- Create user is not supported in LDAP
Identity Platform configuration
- Go to the Data tab.
In the Membership Connection Settings section, restrict this realm to to only administrators in the Group Permissions subsection. Set the following configurations.
Note: This not required if your organization wants to allow admins to create their own accounts.
User Group Check Type Set to Allow Access. User Groups Enter the group name to which administrators belong. For example, Admins. Groups Field The groups field in the data store directory containing the group information for each user.
- Save your changes.
Go to the Post Authentication tab.
In the Post Authentication section, set the following.
Authenticated User Redirect Set to Create User. Redirect To This field is autopopulated with the post authentication .aspx page. This is appended to the domain name and realm number in the web address bar. For example, Authorized/CreateUser.aspx.
- In the User ID Mapping section, set the type of User ID to assert in the Create User function. This is usually the Authenticated User ID.
In the Create User section, set the user field (and its settings) you want to appear on the Create User page. The SecureAuth Field corresponds to the Profile Properties in the Data tab.
For most field settings, use the following Display Types, while others are self-explanatory:
- Hide – Do not show the SecureAuth Field on the Create User page.
- Show – Show the SecureAuth Field on the Create User page. You can edit this field.
- Required – Show and require edits of the SecureAuth Field on the Create User page.
Save your changes.
Optional configurations for token or cookie settings and SSO
In the Forms Auth/SSO Token section, you can optionally configure the token or cookie settings, and single-sign on (SSO) for this realm.
To configure token or cookie settings, see Configure token or cookie settings.
To configure this realm for SSO, see SecureAuth IdP single sign-on configuration.
To configure this realm for Windows Desktop SSO, see Windows desktop SSO configuration.