Skip to main content
Skip table of contents

User management

Create a user

  1. Go to Directory > Users.

  2. Click on + Add User.

  3. Fill in the user information:

    • Email

    • First Name

    • Last Name

    • Username (must be unique across the tenant)

  4. Click on Save.

    image-20250908-081331.png

The user is successfully created.

Depending on the enrollment policy:

After creation, you can edit the user to:

  • Add personas

  • Manage authentication methods

  • Generate reset codes

Block / Unblock a user

To block / unblock a user from the admin portal:

  1. Go to Directory > Users

  2. Click on the relevant user (or on the three dots).

  3. Click on Block/Unblock.

  4. Confirm in the pop-up if you are blocking a user.

    image-20250908-082936.png

The user is successfully blocked/unblock. When blocked, users cannot log in until unblocked.

Delete a user

To delete a user from the admin portal:

  1. Go to Directory > Users

  2. Click on the relevant user (or on the three dots).

  3. Click on Delete.

  4. Confirm in the pop-up (Yes, delete).

The user is successfully deleted.

Manage users' personas

You can add a persona to a user.

From the admin portal:

  1. Go to Directory > Users

  2. Click on the edit button for the relevant user.

  3. Go to Personas tab and click on +Add Persona

  4. Select a persona and click on Next step.

    image-20250908-090241.png

  5. You can:

    1. Set the persona as preferred (the persona will be used by default).

    2. Define a validity period.

    3. Assign persona scopes (used with the delegated administration feature),

    4. Add entitlements: information about the user that may affect access (subscriptions, permission sets, access groups, or application roles).

      image-20250908-090901.png

  6. Click on Save.

The persona is successfully added to the user.

Manage users' authentication methods

Administrators can manage users' authentication methods. They can:

  • lock or unlock users' authentication methods,

  • delete users' authentication methods,

  • generate enrollment links,

To access a userโ€™s authentication methods, go to Directory > Users.
Click on the user and go to Authentication methods tab.

Setting

Description

Type

The type of authentication method (TrustBuilder Authenticator, FIDO2, External)

Device name

Device name defined by the user

Status

Current status of the device:

  • Active

  • Locked by administrator

  • Locked by user

Last used

Last time the device was used for authentication.

Registered at

Date and time when the device was activated.

Additional information

Technical information about the device.

  • OS: the operating system of the device.

  • Browser: the browser used during authentications.

  • Model: the device model (if available).

  • AAGUID: the Authenticator Attestation GUID, a unique identifier for FIDO2 authenticators.

Lock / Unlock an authentication method

  1. Go to Directory > Users.

  2. Click on the user and go to Authentication methods tab.

  3. Click on the three dots icon of an authentication method.

  4. Select Lock (or Unlock).

    image-20250904-090349.png

  5. Click on Yes, continue to confirm your choice.

    image-20250904-090655.png

The authentication method is successfully locked or unlocked.

Methods Locked by administrator can only be unlocked by an administrator.

Delete an authentication method

  1. Go to Directory > Users.

  2. Click on the user and go to Authentication methods tab.

  3. Click on the three dots icon of an authentication method.

  4. Select Delete.

    image-20250904-090429.png

  5. Click on Yes, continue to confirm your choice.

The authentication method is successfully deleted.

Administrators can generate an enrollment link for a user. This link allows the user to activate an authentication method.

To generate an enrollment link:

  1. Go to Directory > Users.

  2. Select the user.

  3. Go to Authentication Methods tab.

  4. Click on Generate an enrollment link at the top-right.

Depending on the enrollment policy, the enrollment link is either sent to the user by email or displayed in a pop-up window to copy and share to user.

Generating a new link automatically replaces the previous one.

Provide a reset code to a user

A user may block their secret code after too many incorrect attempts. They may also forget their secret code. In both cases, they will need a reset code to define a new one.

A user can obtain this reset code by contacting their administrator.

๐Ÿ“„ See TrustBuilder Authenticator Settings to manage reset code settings.

In Trustbuilder Admin Portal:

  1. Go to Directory > Users.

  2. Click on the user who needs a reset code.

  3. Go to the Authentication methods tab.

  4. Click on Generate a reset code.

    image-20250708-081455.png

The reset code is generated. It replaces any previously existing one.

You can either share it with the user manually, or it can be automatically sent to the user by email.

๐Ÿ“„ See TrustBuilder Authenticator Settings to manage reset code settings.

Users cannot generate a reset code themselves yet from the Self-Service Portal. This feature will be available in a future release.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close