Configure people identifiers
In the Management Portal at Data Model > People Identifiers, configure methods to identify people in your environment. This can be the Windows user account or an e-mail address, but also an employee ID or phone number, as long as you can assign a unique value to it. User authentication in the Web Portal is also based on people identifiers.
You can specify individual values for a person by opening the person's record from the People page, then clicking the Properties tab.
Identity Director contains two default people identifiers:
- Primary e-mail address
- Windows user account
By default, people in your environment are identified through their Windows user account. You can change this at Setup > Behavior > General.
After changing the People Identifier, make sure to log out of the Management Portal and log back in for the new settings to be properly applied.
Configuration
Field | Explanation and Tips |
---|---|
Link to service attribute | Resolve the value of the people identifier automatically when someone subscribes to the service. For example, this allows you to determine the value through user input. |
Restricted information | Mask the people identifier value in the Management Portal. This ensures you can be compliant with the privacy laws of your country or organization, as unauthorized administrators do not have access to private information like e-mail addresses, phone numbers, social security numbers, etc. This functionality applies to the Management Portal only; restricted information is still shown in the Web Portal. |
- People identifier values have a limit of 255 characters. If the value of a people identifier exceeds this limit, for example because it is linked to a service attribute or because it is set by a Set Person Attributes and Identifiers action, it is truncated to 255 characters.
People identifiers for Identity Director administrators
Consider the following scenario:
- At Setup > Behavior > General, you have configured an option other than the Windows user account as the People Identifier in your environment (Primary e-mail address, employee ID, User Principal Name, phone number).
- As an administrator, you are requesting/assigning or returning/unassigning a service for one of the people in your environment, in the Management Portal.
In this situation, you need to add the Windows account of the administrator (DOMAIN\user name) as the same type of identifier, as pictured below:
This is because once Windows authenticates a person based on the set identifier, it returns the Windows user account, and not the identifier.
If a person's identifiers are not configured as described above, the system will be unable to recognize the account as an Identity Director person and, therefore, will not allow it to request or return services for people.
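The following is an added example, not part of the product documentation or Identity Director's own code. It pre-checks a constructed list of people records for the two pitfalls described above: values that the 255-character limit would truncate (and that stop being unique once truncated), and administrators who have no DOMAIN\user value under the configured identifier type. The record layout, the function name `audit_identifiers` and the sample data are assumptions.

```python
import re

MAX_LEN = 255  # limit stated on this page; longer values are truncated
# Assumed shape of a Windows account value: DOMAIN\user name
WINDOWS_ACCOUNT = re.compile(r"^[^\\/\s]+\\[^\\/]+$")


def audit_identifiers(people, identifier_type):
    """Return (person, finding) tuples for one people identifier type.

    `people` is a constructed record format, not an Identity Director API:
    each record has 'name', 'is_admin' and 'identifiers', a dict mapping an
    identifier type to the list of values set for that person.
    """
    findings = []
    seen = {}  # value as it would be stored (truncated) -> first owner
    for person in people:
        values = person["identifiers"].get(identifier_type, [])
        for value in values:
            stored = value[:MAX_LEN]
            if len(value) > MAX_LEN:
                findings.append((person["name"], "truncated"))
            owner = seen.setdefault(stored, person["name"])
            if owner != person["name"]:
                findings.append((person["name"], "duplicate of " + owner))
        # Administrators need their Windows account under the same type.
        if person["is_admin"] and not any(WINDOWS_ACCOUNT.match(v) for v in values):
            findings.append((person["name"], "admin lacks DOMAIN\\user value"))
    return findings


# Constructed sample data: carol and dave differ only after character 255.
LONG = "x" * 255
SAMPLE_PEOPLE = [
    {"name": "alice", "is_admin": True, "identifiers": {
        "Primary e-mail address": ["alice@example.test", "EXAMPLE\\alice"]}},
    {"name": "bob", "is_admin": True, "identifiers": {
        "Primary e-mail address": ["bob@example.test"]}},
    {"name": "carol", "is_admin": False, "identifiers": {
        "Primary e-mail address": [LONG + "1@example.test"]}},
    {"name": "dave", "is_admin": False, "identifiers": {
        "Primary e-mail address": [LONG + "2@example.test"]}},
]

if __name__ == "__main__":
    for name, finding in audit_identifiers(SAMPLE_PEOPLE, "Primary e-mail address"):
        print(f"{name}: {finding}")
```
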