Identities

Every user that authenticated via The Identity Hub is represented by one Identity. A user can have multiple Identities in a single Tenant, if the user authenticates using different Account Providers (e.g. Office 365, Facebook...). A user can link all the Identities in a single Tenant into one Identity using Account Linking, resulting in a single identity with multiple accounts.

Roles of a User

To view the roles of a user:

  1. Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity/List) of your Tenant. If you don't have a Tenant yet, you can register one for free.
  2. Search for the user you want see the Roles for.
  3. Click the user to go to the detail page.
  4. In the left navigation click Roles.

For more information see Roles

View and search the list of Users

To view the list of users in a Tenant:

  1. Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity/List) of your Tenant. If you don't have a Tenant yet, you can register one for free.
  2. No results are loaded by default, you need to provide a search query.

To search and filter the list of users in a Tenant:

  1. Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity/List) of your Tenant. If you don't have a Tenant yet, you can register one for free.
  2. Configure the filter settings by clicking the filter icon
    It is possible to indicate the user properties used to search : Email, Name, Account UPN or Identity Identifier.
    Additionally one can indicate which information needs to be shown / filtered out: last login information, trusted users (on prem only), archived users. The applied filter is shown.
  3. To filter on an Account Provider select an Account Provider from the dropdown list in the top bar. The list will be filtered to show only users having an Account for that Account Provider.
  4. To search the list of users, fill a search query (at least 7 character) in the Search users box and press enter or the search icon.

The information shown for each user includes:

  • Profile info: picture (if available), Display name, Email and unique Identity Identifier
  • Indications about type of accounts linked to the user: User with password in The Identity Hub, User with a trusted account, user with an account provided by an external IDP
  • Indication if the user has an MFA secret
  • Indication if the user is archived
  • Last login info based on logon sessions (according to filter settings)
Note

In case logon sessions are purged only the information available will be shown.

Archive a User

A user can be archived. The archival of users can be used as a way to filter out inactive users from the list of users. An archived user can still authenticate. When doing so, his account is automatically reactivated and will no longer be archived.

  1. Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity/List) of your Tenant. If you don't have a Tenant yet, you can register one for free.
  2. Search for the user you want to archive and open the details by selecting the user.
  3. In the top menu, click on Archive and confirm you want to archive the user.
Note

You cannot activate an archived user. Only an authentication by the user will reactivate the account. All other admin actions on a user (for example: blocking a user or resetting the MFA flow) remain possible.

Block a User

A user can (temporarily) be blocked. Blocked users can no longer authenticate.

  1. Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity/List) of your Tenant. If you don't have a Tenant yet, you can register one for free.
  2. Search for the user you want to block and click the Disable button.
  3. Confirm that you want to block the user by clicking Ok

In case the administrator is part of an admin scope, this scope will be applied as quarantaine scope. Only administrators part of the same scope will be able to unblock the user again.

Delete a User

A user can be deleted.

  1. Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity/List) of your Tenant. If you don't have a Tenant yet, you can register one for free.
  2. Search for the user you want to delete and click the user to go to the detail page.
  3. Click Delete in the top bar.
  4. Confirm that you want to delete the user by clicking Ok

Bulk actions on a list of users

If your tenant has been enabled to allow bulk operations it is possible as an IAM administrator to execute an action (e.g. block or enable) on users in bulk. The bulk process requires you to upload a CSV file with specific information like the unique Identity Identifier.
The easiest way to get this information is to start from an existing report and keep the relevant columns and lines.

  1. Navigate to the Users Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Identity/List) of your Tenant and click the Bulk process identities button. Or directly go to the Bulk Processes page (https://www.theidentityhub.com/{tenant}/Admin/Bulkprocess/List)
  2. Upload a CSV file containing at least the identifying information: tenant url segment and unique identity id.
  3. Indicate if additional user data like the (display) name and email address of the user should be validated (= match the current identity information in TIH) before executing the action.
  4. Pick the action to perform on the users
  5. Add any (optional) additional information you want to note on this bulk process
  6. Press Save

When the file is in the correct format, the information in the CSV file will be parsed and stored. If no validation of the name and email address is requested, then this information will be ignored.
To start the process, click the Start button. The progress can be followed or you can return to the detail page later.
If the bulk process has executed the requested action the processed flag will be checked; if not, an error message explaining the issue will be shown.

Note

You can not block an already blocked user (no matter how this identity was blocked), or re-enable an already enabled user.
In case another administrator (or process) executed the action first, a message will be shown stating the data has been changed in the mean time.

Warning

Deleting users can not be undone. If you have a legal obligation to keep information about your users take this into consideration when creating the CSV file.

Audit

When an administrator searches, views or updates Identity details this is audited.

Accounts Account Linking
Roles