Adding Identities into IDM

This section covers how to add Identities into the application. “Identities” is the generic term used to describe employees and non-employees (e.g. contractors, vendors etc.). Identities are essentially users of the system and are listed on the home page of the IDM tab.

Identities are added into the system in a variety of different ways including:

  • Manually: An authorized user is able to add a new Identity directly on the home page of the IDM tab.
  • Spreadsheet Upload: An authorized user is able to upload a spreadsheet of users via the IDMUploads page.
  • IDM Importer: The IDM Importer Utility synchronizes Identities via an integration with a local SQL data source on an ongoing basis (details provided in a separated document).
  • Public API: Identities can be pushed into the system via the public API (details provided in a separate document).

Adding Identities Manually:

  • To add an Identity directly within the User Interface navigate to the home page of the IDM tab and click “New”.

  • Enter the appropriate identity information on the Identity page and click “Next” to continue. Fields indicated below are enabled by default. You can enable or disable the user field types and add the user-defined fields under IDM configuration.

  • On the “Identity Cont.” tab, the user must assign the new Identity to a Building and Company at minimum.

  • The “Web User” page allows the user to enter a user name and password for the Identity, or they can check “Invite Web User to Create Credentials”. Checking this box will send an email to the new Identity with a link allowing them to create their own user name and password for the system. Note: If SSO is enabled, this step is not required.

  • The Picture tab allows the administrator to take a photo (if connected to web camera) or upload photo for the new Identity.

  • If any User Defined Fields have been configured, they will appear on the “Additional Details” page. This page is skipped if no User Defined Fields are configured.

  • Select “Next” to continue; verify the information on the “Summary” page and then click Save.

  • Once saved, the user is taken to the “Identity Details” page for the new Identity. The user is able to edit all existing Identity data from this page including User Roles. The Actions section at the bottom of the screen allows the administrator to “Send Manage Credentials Request”. This will send the Identity an email, allowing them to update their login credentials for the application (this does not apply if SSO is enabled for this user).
  • The Actions section also allows the user to terminate, or permanently delete the Identity. A terminated Identity can be un-terminated; once an Identity is deleted, their data is removed permanently.

Adding Identities via Spreadsheet Upload:

Spreadsheet uploads provide great flexibility and ease of use without a complex integration, making this is an effective way to manage users. Spreadsheet Uploads can be used to add new Identities, or update existing Identities in the system.

  • To upload users via a spreadsheet, navigate to IDMUploads.

  • Click “New” to configure a new upload. Download a sample template of the CSV file.

  • The CSV template only contains the relevant column headings and a sample row of data (provided as an example). The column name lists which columns are optional.

  • Enter all the required information for all Identities into the spreadsheet (overwrite the sample data provided but leave the column headings as they are) and upload the CSV file.

Employee Number is typically used as the unique identifier for all Identities. If Employee Number is not present, then Email Address is used. If the unique ID in the sheet matches an existing Identity in the system, their record will be updated, instead of a new record being created.

  • The User Interface will specify which Building and Company will be assigned to the new Identities. Check “Override” to change the Building and/or Company. The user will only be able to assign specific Buildings/Companies according to their User Role.

  • Additional Configuration Options:

    • Send New Employee Web User Invitations: By selecting this option, email invites are sent to all the new users uploaded in the spreadsheet, allowing them to set up their own login credentials.
    • Send Existing Employees Web User Updates: If the existing users were updated via upload, this option allows them to receive an email allowing them to create/update their login credentials. This can be used for example if the existing users were not sent the registration email when they were first added into the system.

  • Click “Save” to upload the file. The application displays “File Received” along with the number of records being uploaded and processed.

IDM User Roles:

IDM provides a number of different User Roles, which define a set of access permissions to menus, screens, and options within the IDM tab.

User Role configuration on the IDM tab only controls access to the IDM tab itself. User Roles for GUEST and CONNECT are configured on the relevant GUEST or CONNECT tab.

The following IDM User Roles are available:

  • System Administrator: This role is provides full access to all aspects of the IDM tab, including all items under the Configuration sub-menu.
  • Building Manager: Building Managers are able to view and manage users that are assigned to specific Buildings in IDM. Building Managers are also able to edit the Buildings assigned to them under IDM Configuration Building Management.
  • Security Manager: Security Managers are able to manage the Watchlist Identities in the buildings to which the Security Manager is assigned. Security Managers also receive an email if a visitor matches an identity on the Watchlist in their assigned Buildings (requires configuration in GUEST).
  • Tenant Manager: Tenant Managers are limited to adding/managing users for specific Companies and Buildings only. A Tenant Manager can add new users, however they can only assign the new user to the Companies and Buildings to which the Tenant Manager has been assigned. Tenant Managers do not have any access to any IDM Configuration options.
    • A Tenant Manager is assigned one or more Companies and Buildings. The Tenant Manager will have access to the Identities that are assigned to the Company and Building the Tenant Manager has access to. The Tenant Manager can add new Identities, however they can only be assigned to the Tenant Manager’s Company and Building.
  • Report Viewer: Report Viewers are able to access the reports in IDM only.

Assigning a User Role:

  • To assign a user role, select the relevant user listed on the IDM home page and select “Edit Roles” on the right side of the screen.

  • Under Role Manager, select the roles you want to grant to the user and click “Save”. When users are granted any role, it is highlighted in green color and may also specify the Building assigned to the user.

User Registration and Login Process:

If Single Sign On (SSO) is used, the steps below are not required. Please contact your local IT Administrator for SSO login instructions.

As part of this process of adding a new Identity into the system, a user name and password can be entered manually, or an email can be sent to the user allowing them to create their own user name and password.

A sample registration email can be seen below. The new user will click the link in order to register (create a user name and password).

The user is able to register by clicking the link in the email.

Please use your customer specific URL to log into the system. This guide uses https://training.symmetry.net as an example only.

Login Page:

  • To log into the Application, go to https://training.symmetry.net (replace “training” with your own specific sub-domain) and enter your username and password.

  • To reset your password, click the “Forgot your password?” link on the login page and enter the required information.

  • An email is sent to the user with a link that allows them to reset their password.

Identity Expiration, Termination and Deletion:

Identities displayed on the IDM tab can expire automatically (on a specified date), or they can be manually Terminated, or Deleted. Identities can also be expired/terminated/deleted through IDM Importer, or the API (they can also be expired via Spreadsheet Upload).

Viewing Expired/Terminated Identities:

The status of each Identity is visible on the IDM Home page. Expired/Terminated Identities appear in red and their status (TERMINATED/EXPIRED) appears on the right side of the page.

Deleted Identities are completely removed from the system and are no longer visible.

Identities About to Expire:

Identities that are scheduled to expire in the next 30 days will appear in Amber color on the screen. This is to visually flag that the person will expire in the near future, however they are still active.

Identities that appear in amber color are still active and will function normally until they expire.