The Add New User workflow in the Directory module allows administrators to onboard new users through a guided four-step process. Each step ensures that all required data is collected for user identity, access, security, and directory alignment. This manual explains each step in detail for accurate and secure user creation.
Enter User Details
In the first step, the administrator inputs core user information:
User Information includes first name, last name, display name, and the user’s official company email address. This email acts as the unique login credential.
Optional sections expand into more details:
User Security Settings: Configure MFA enforcement, set an auto-generated temporary password, and select allowed MFA methods (e.g., Email OTP). You can also assign a user role, such as "User" or "Admin".
Employment Information: Assign job title, department, employee ID, start date, and reporting manager.
Personal Employee Information: Fill in the user’s contact information, alternate email, phone number, address, date of birth, and upload a profile photo.
Once this information is completed, proceed by clicking Next.
User Configuration Fields
When onboarding a user manually, administrators can configure advanced profile details to support secure authentication, organizational structure, and personal records. These sections are typically optional beyond the required name and email fields, but are highly recommended for complete lifecycle management.
User Security Settings
The User Security Settings section is designed to enforce login protection, define authentication rules, and assign user roles. This section includes:
MFA Enforced: A toggle that requires the user to set up Multi-Factor Authentication (MFA) after their first login. It ensures the user account is protected by more than just a password.
MFA Setup Deadline: A dropdown allows administrators to define how long the user has to complete their MFA setup after the first login. For example, 7 days can be chosen to give users a grace period.
Temporary Password Settings: Admins can enable auto-generation of a temporary password, which expires in 48 hours. An optional checkbox forces the user to reset the password on first login, maintaining better security hygiene.
MFA Allowed Method: Defines the type of second factor permitted, such as "Email OTP" or other configured options.
Roles: Determines the user's access level in the platform. Typical options include "User", "Admin", or custom roles defined by the organization.
Employment Information
This section links the user’s identity to their position within the organization. It includes:
Job Title: The user's position (e.g., Marketing Manager, Software Engineer).
Department: The business unit or functional area the user belongs to (e.g., HR, Sales).
Employee ID: A unique identifier for internal HR or system integration purposes.
Start Date: The user’s official joining date, used for system triggers, workflows, or reporting.
Manager: Assigns a supervisor or reporting manager to the user, often used for access approvals or escalation flows.
This data helps structure the organization logically and supports role-based access controls.
Personal Employee Information
This section collects contact and identity details for internal use or integration with HR systems. It includes:
Profile Photo: An optional visual identifier. Users can upload or drag and drop a picture.
Home Address: A multi-field entry that includes country, province/state, city, address line, and postal code.
Alternate Email & Phone Number: Backup contact options for password recovery or emergency communication.
Date of Birth: Useful for verification or internal HR records.
Description: A free-text field for any extra user-specific information such as contract terms, notes, or onboarding context.
Filling out these fields ensures the user's record is comprehensive and supports downstream systems like payroll, compliance, or support routing.
These settings, while not all mandatory, help form a complete, secure, and compliant user profile within the organization. They ensure better alignment between IT, HR, and security operations.
Assign User Groups
In this step, select the appropriate User Groups to which the user will belong. These groups may reflect departments, teams, or role-based collections like “Sales,” “Onboarding,” or “Engineering Leads.”
Each group is listed with its type (Static, Dynamic, or Directory Synced), number of current users, and creation date. You can search, sort, and filter groups as needed.
This step ensures that the user inherits the correct policies and configurations based on group membership.
Click Next to continue once groups are selected.
Associate Devices
The third step allows you to assign Devices to the user. Devices are listed with their name, operating system version, and the last used timestamp. These may include desktops, laptops, smartphones, or virtual machines.
You can search or sort by device name, OS, or last activity. Check the boxes next to the devices that should be linked to the user’s profile.
Click Next when the appropriate devices are selected.
Enable Directory Integrations
In this final step, you can associate the new user with external Directories. This enables synchronization with services like:
Google Workspace
Active Directory
Microsoft (status may show as “Not Connected” if integration isn't active)
Each directory displays its connection status. Check the ones that should sync the user account into those environments.
Once finished, click Finish & Save User.
Final Confirmation and Activation
After saving, a confirmation modal will appear showing the new user's name, email, display name, and user state (initially set to “Staged”).
From this screen, you can:
Activate now: Immediately activate the account.
Schedule activation: Set a future date/time for the account to go live.
Send activation email: Automatically notify the user with login instructions and password setup.
You can also choose to Save and Create Another user from this screen.
This four-step flow ensures that every user is properly configured with correct attributes, access policies, and resource associations before entering the system. It supports both manual control and scalable onboarding through standardized fields and integrations.