User Onboarding through the Identity Provider
The onboarding procedure is triggered when an unenrolled user attempts to log on to a web application secured by the HID DigitalPersona Identity Provider for the first time, where:
- A Multi-Factor Authentication policy is being enforced,
- Self-enrollment is enabled, and
- The User Onboarding GPO is enabled (it is enabled by default).
For example, consider a scenario where the DigitalPersona Logon Policy is Password plus PIN and a user has never enrolled a DigitalPersona credential before.
- The user attempts to access a web application and is redirected to the HID DigitalPersona Identity Provider.
- They enter their password.
- The HID DigitalPersona Enrollment app is displayed.
- The user enrolls the required credential (in this case a PIN) and clicks Proceed to logon.
- On the next page, they click Return to the application.
They can now log on to the HID DigitalPersona Enrollment application to enroll any other credentials allowed by the policy in force, or log on to any other web applications where authentication is provided by the HID DigitalPersona Identity Provider.
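The decision logic behind this flow, written as an added illustrative model rather than HID DigitalPersona's own code: it checks the three preconditions above against the credentials the user has enrolled and presented, and replays the Password plus PIN scenario. The settings class, the credential type names and the function names are assumptions made for this example.

```python
from dataclasses import dataclass

# Illustrative model of the onboarding trigger described above; not HID DigitalPersona code.
# Credential type names, the settings class and next_step() are assumptions for this example.

@dataclass(frozen=True)
class OnboardingSettings:
    mfa_policy_enforced: bool
    self_enrollment_enabled: bool
    onboarding_gpo_enabled: bool = True  # the text says this GPO is enabled by default

def next_step(settings, logon_policy, enrolled, presented):
    """Return (action, credentials) for one round of the logon flow.

    logon_policy: credential types required by the policy, in challenge order,
                  e.g. ("password", "pin") for Password plus PIN.
    enrolled:     credential types the user has already enrolled.
    presented:    credential types the user has supplied in this session.
    """
    required = list(logon_policy)
    # Already-enrolled credentials are challenged first, in policy order: the user
    # enters their password before the enrollment app is shown.
    to_challenge = [c for c in required if c in enrolled and c not in presented]
    if to_challenge:
        return ("challenge", to_challenge)
    missing = [c for c in required if c not in enrolled]
    if not missing:
        return ("authenticated", [])
    # A required credential was never enrolled: onboarding is triggered only when
    # all three preconditions hold; otherwise the logon cannot be completed.
    if (settings.mfa_policy_enforced and settings.self_enrollment_enabled
            and settings.onboarding_gpo_enabled):
        return ("enroll", missing)
    return ("deny", missing)

def walkthrough():
    """Replay the Password plus PIN scenario from the text for a user with no PIN."""
    settings = OnboardingSettings(mfa_policy_enforced=True, self_enrollment_enabled=True)
    enrolled, presented, steps = {"password"}, set(), []
    while True:
        action, creds = next_step(settings, ("password", "pin"), enrolled, presented)
        steps.append((action, creds))
        if action == "challenge":
            presented.update(creds)   # user supplies the challenged credential
        elif action == "enroll":
            enrolled.update(creds)    # enrollment app collects the PIN
            presented.update(creds)   # assumption: Proceed to logon presents it too
        else:
            return steps
```

Disabling self-enrollment in the model turns the "enroll" step into "deny", which is the case to check when a user reports being stuck at the Identity Provider.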
For further information about using the DigitalPersona AD Identity Server, see Integrating the DigitalPersona Identity Server.