Configuring Self-Registration

Summary

This introduction article will help TeamDynamix Administrators to configure Self-Registration using TDAdmin.

Body

This introduction article will help TeamDynamix Administrators to configure Self-Registration using TDAdmin. The user must have the Administrator permissions in TDAdmin.

Overview

Self-registration relies on your organization's Lightweight Direct Access Protocol (LDAP) or Single Sign-On (SSO) directories. When a user attempts to log into the Client Portal, the new client user records are automatically created using their organizational credentials from LDAP or SSO.

We strongly recommend self-registration as the primary client user import system to bring users who will rarely interact with the Client Portal into the system. This helps alleviate the stress of importing thousands of clients who may potentially not even use the system. With self-registration, client users are created on-demand automatically, making the process simple.

Where to Find This

This feature is configured in the TDAdmin interface.

TDAdmin is where administrators will enable Self-Registration and TDClient is where users will be able to login with their organization credentials and request assistance.

Navigate to Self-Registration settings following these paths:

  • TDAdmin > Organization Settings > Self-Registration > +Add to add a new Self-Registration Profile

Where to Start

When self-registration is configured and enabled for your organization, users who do not have TeamDynamix user accounts configured will be able to navigate to the TeamDynamix client portal login page for your organization ([yourorganization].teamdynamix.com/TDClient/) and sign in using their organizational credentials that exist within your LDAP or SSO provider.

Self-registration can create client users either by creating a new user record altogether or converting an existing customer record by matching the provided username during login against customers' alert, primary and alternate email addresses (in that order).

The default information included on the new user records is determined by the self-registration profiles configured in TDAdmin. You can configure multiple profiles that recognize different types of users based on a differentiating factor in LDAP or SSO that you specify to provide different default user templates for users coming in through self-registration.

Configuring Self-Registration

A self-registration profile can run on either LDAP or SSO based on the specified authentication provider in the profile’s settings. Authentication providers are configured separately when setting up authentication into TeamDynamix through your organization's LDAP or SSO provider. View details on authentication providers in the Getting Started with Authentication and Single Sign-On (SSO) article.

Self-registration profiles combined with authentication providers grant you the ability to provide users with several meaningful defaults that will be applied when a user record is created upon a user's first login.

These defaults include:

  • Security Role
  • Groups
  • Account/Department
  • Desktop
  • Client Applications
  • Employee Status

To configure a self-registration profile:

  1. In TDAdmin, navigate to Organization Settings > Self-Registration. Here, you can create new profiles or edit your existing ones.
  2. + Add
  3. Edit
  4. Name your Self-Registration Profile (for example: Students)
  5. Determine the Settings for the Profile you are creating
    1. If you are creating a Self-Registration profile for Students, put them in a Student Acct/Dept, give them a Client Portal Security role, add them to groups if necessary.
  6. Apply Client Portal Security
  7. Save and Activate the Profile
  8. Create any additional profiles that you need

With both types of authentication provider, you have the option to provide custom self-registration mappings. These mappings allow you to manually specify which LDAP or SSO attributes will map to which TeamDynamix user attributes.

To configure attribute mapping:

  1. In TDAdmin, click the Security tab, then Configure SSO.
  2. TeamDynamix Administrators can find SSO Articles here.

LDAP authentication providers allow you to specify multiple LDAP attributes per TeamDynamix User attribute. You can optionally set up multiple authentication providers to provide you with differentiation between certain user groups based on how they authenticate.

Gotchas and Pitfalls

  • The configuration pages to make Self-Registration work lives in two locations (as cited above)
    • In TDAdmin > Organizational Settings > Self-Registration
      • Create Self-Registration Profiles here
    • In TDAdmin, click the Security tab, then Configure SSO
      • ​​​​​​​Adjust attribute mapping here (ex. use eppn as the "email" attribute in TDX)
  • Your provided SSO Attributes require at least 3 mapped attribute values a First Name, Last Name, and Email.
  • In the Self-Registration profile you create, you must choose a security role to be applied.
  • If you use a default security role for an application you will want to check the permissions on the security role in that application to verify the actual permissions you give to a self-registered user.

Details

Details

Article ID: 2707
Created
Wed 11/12/14 5:57 PM
Modified
Thu 11/7/24 9:31 PM

Related Articles

Related Articles (1)

Loading people records is important if you need TeamDynamix to know about people before they ever log in to TeamDynamix. This article summarizes ways that people records can be created or updated.