Skip to main content
Skip table of contents

Enhanced External User Onboarding with Granular Permissions and Contact Detail Validation

We've significantly improved the process of onboarding external users, especially those without access to standard corporate systems, by introducing more granular control and flexible validation options.

  • New Granular Permission: To enhance security for external onboarding, a new administrator permission, "Use invitation contact details", has been implemented. This permission is granted to administrators by default and allows designated groups to utilize the new functionality for generating enrollment codes and sending invitations using manually provided contact information.

    image-20250509-120756.png

Members of predefined “Administrators” group will always have access to the feature, regardless of the permission being assigned or not in Admin UI.

image-20250512-111237.png


Attempting to generate, regenerate a code or invitation without the proper permission set on a Veridium Manager account will result in a descriptive error:

image-20250512-105629.png

  • Admin-Configurable Contact Detail Usage: Administrators can now enable the system to utilize manually entered contact details during the OTP code validation process. This feature is activated within the administrative settings under Enrollment → Code Validation → Options. A new toggle, "Use contact detail in code validation step", controls this functionality. When enabled, administrators can specify which user groups are authorized to use this feature. Leaving the "Allowed groups" list empty will make this capability available to all users.

    image-20250509-120855.png

Flexible Code and Invitation Generation with Manual Contact Input

Administrators can now directly input personal email and phone numbers when generating enrollment codes and invitations for external users. This allows the system to send both the initial invitation and the subsequent validation OTP to these specified contact details, even if the users lack corporate accounts.

Generating an Enrollment Code:

  1. Navigate to Identities → Manage Enrollment Codes → Create Code.

  2. Search for the user via the connected LDAP directory.

  3. Configure the invitation details:

    • Select the Invitation Channel (Email or SMS).

    • Manually enter the user's personal email and personal phone number.

    • Enable the “Use Contact Details In Code Validation Step” toggle (as seen in Image 3).

    • A “Validation Channel” dropdown will appear. Choose the channel.
      Note: the rest of the code parameters work the same as in previous versions (validity, no. of usages)

  4. Click Generate to send the enrollment code and initiate the validation process.

    image-20250509-121047.png

Generating an Invitation:

  1. Navigate to Identities → Manage Enrollment Codes → Create Invitation.

  2. Enter an invitation name and click Save.

  3. Add users using one of the following methods:

    • Search for individual user: Click Search for user, type the username, manually enter the personal email and personal phone number, and click Save.

    • Import a CSV file: Download the CSV template, fill in user details including their personal email and personal phone number, and then upload the completed file using the Import CSV file button.
      Note that CSV templates generated from previous versions will not work, since the “Phone” field has been added. Please use the “Download CSV template” button and populate the template with the required data.

  4. Click the Generate codes button.

  5. Set the Invitation Channel (Email or SMS).

  6. Enable the “Use Contact Details In Code Validation Step” toggle (as shown in Image 4).

  7. A “Validation Channel” dropdown will appear. Choose the channel (which must be different from the invitation channel) for sending the validation OTP.

  8. Click Generate to send the invitations.

    image-20250509-121226.png

Note that CSV templates generated from previous versions will not work, since the “Phone” field has been added. Please use the “Download CSV template” button and populate the template with the required data. If data in “Phone” field is missing, the invite process will still work, but a “error_” csv will be offered for download, which will signal the missing data.

Key Outcome:

By leveraging manually entered contact details, our system now provides a seamless way to onboard external users who do not have corporate system access. The invitation code and validation OTP can be delivered to their personal email addresses or phone numbers, ensuring a smooth enrollment process.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close