You need to be either a Global Administrator, Identity Repository Administrator, or have at least User Manager entitlements to add a directory user.

When you add new users to the PingOne for Enterprise Directory, you can pre-fill some or all of the user attribute values, or you can allow the new user to enter all of the necessary information.

By default, all new users are automatically assigned to the group Users, which has no directory entitlements (users aren't able to view directory information).

  1. Go to Users > User Directory > Users.
  2. Do one of the following:
    • To create the user using attribute values you assign:
      1. Click Add Users to display the list of methods to add a user, and select Create New User.
      2. In the Password section, enter the initial password to assign to the user.

        The user will be required to reset their password the first time they sign on.

      3. Enter the attribute values you want to assign to the user.

        The Username, and Email values are required. All new users are automatically assigned to the Users group, so specifying group membership isn't required, though we recommend it.

      4. Click Save when you're done.
      5. Send the user's single sign-on (SSO) credentials to them. The new user can then SSO to PingOne for Enterprise.
    • To invite the user, having them enter all of the necessary user attributes:
      1. Click Add Users to display the list of methods to add a user, and select Invite New User. You're prompted for the email address to use.

        Use this method when you need to contact the user via an alternate email address (one not associated with an application dependent on their single sign-on to PingOne for Enterprise).

      2. If the user currently has access to the email address assigned to their PingOne for Enterprise account, use Email Address to send the invitation. The new user is added to the directory and an email invitation is sent to the email address you've entered.

        Optionally, if the user currently doesn't have access to the email address assigned to their PingOne for Enterprise account, you can use Alternate Email to send the invitation.

  3. If you've chosen to invite the user, note the user's Invited status on the Users page. This status will change to Enabled when the new user activates their PingOne for Enterprise account.
    Note:

    The user invitation has a lifetime of 24 hours. If the user hasn't responded within that time you will need to resend the invitation.

    If a user clicks on an expired invitation link, they're redirected to the PingOne for Enterprise sign-on page, which displays an error message to request a new invitation from the administrator.

    You can change the destination of the redirect by using the redirectLink attribute in the PingOne for Enterprise Directory API. For more information, see User Registration Notifications.

    While the user status is Invited, you can choose to do any of the following (from the list next to the Details button):
    • Resend email to resend an email invitation using the user's account email address.
    • Resend email to alternate email address to resend an email invitation to an email address for the user that's not used for the account email.
    • Delete to remove the user from the directory.
  4. Repeat these steps for each new user to add to PingOne for Enterprise.
  5. To add a user to an administrative role (including adding a user to the Domain Administrators group), see Assign administrative roles.