Only an account administrator can create an identity template.
Create identity
templates to address the identity requests that your organization frequently encounters.
You can create identity templates with predefined role access to suit different
requirements. For example, identity requests for different types of contractors, or
identity requests for large groups of specific employees who require access to a
specific site or building.
When an identity request is submitted using an identity template, the identity is
added as a role member to the roles that apply to the template and inherits the
associated role access.
Procedure
Click Organization
> Identity templates.
Click Add identity template.
In the Identity template section, complete the fields or configure
the settings as required:
Identity template name
Enter a name that summarizes the type of identity requests that the template is
intended for. For example, Electrical contractors.
Description
Enter a meaningful description that describes the purpose of your template. For
example, Electrical contractors for HQ Main Building.
Form type
Standard is the default.
Enabled
Move the slider to the Enabled position for this template
to be available for selection when requesting an identity. Enabled is the default.
In the Web portal access section, configure the option that
you require.
Enable option for web portal access
Select the check box if you want to display the web portal access option when
requesting an identity.
Note: When requesting multiple identities the
availability of the web portal access option is dependent on your template configuration.
If your template does not include the web portal access option, the web
portal access fields are ignored.
If your template does include the web portal access option, the web
portal access fields are processed.
In the Access control section, configure the options that you
require.
An expiry date is required
Select the check box if you want to enforce an expiry date when creating
identity requests.
Enforce a maximum duration for the period of access
Select the check box if you want to specify a maximum duration when
creating identity requests.
Limit the duration to nnn days
Specify a maximum duration. For example, 365 days.
Click Next.
In the Permissions section, configure the settings or add roles
as required:
In the Who can request this identity template? section, do
one of the following:
If you want all users to be able to select this identity template, select the
All users can request
identities check
box.
If you want to select specific roles, click Add
role.
Note: If you selected All users can request
identities proceed to step
6.
If you clicked Add role, search for or select one or more roles
and click Add.
NOTE: The roles that you add in the Who can request this identity
template? section determine who can request identities using this template.
For example, you might add a role, so that only Contractor managers can request
identities. Another example could include buildings with tenants spaces, for that
situation you might want to create Tenant managers.
(Optional) In the What roles do you need? section, add the roles
that you
require.
Click Add role.
Search for or select one or more roles and click Add.
Note: The roles that you add in the What roles do you need?
section determine the access that the identity inherits when an identity is
requested using this template. For example, an electrical contractor role could be
setup with access to rooms containing electrical infrastructure.
Click Next.
In the Approval setting section, select the Identity
request approval workflow that you require.
No approval required
Automatically approved.
Supervisor approval required
Approved by the supervisor of the requester.
Note: If the requester has no
supervisor (or is a trusted requester) the supervisor approval step is
bypassed.
Identity approvers approval required
If selected, identity approvers must be added.
Click Add and choose either Add
identities or Add roles.
Complete the steps as prompted.
Supervisor and identity approvers approval required
If selected, supervisors are already associated with the identity, however the
identity approvers must be added as described previously.
Note: If the requester has
no supervisor (or is a trusted requester) the supervisor approval step is
bypassed.
API approval
API approval is only used when the identity request approval workflow is
customized to handle requests from an external service.
For example, Genetec ClearID™ LDAP Synchronization Agent, Genetec ClearID™ One Identity Synchronization Tool, or
an API workflow for a plugin integration. In this situation, the request approvals
are not shown in the ClearID user
interface.
Note: If a user creates an identity request using the ClearID web portal, that user will still see
their requests in the My requests dashboard.