Body
Who can use this feature?
- Global Administrators can configure self-registration in TDAdmin.
- Users can log in to TDClient with their organizational credentials to request assistance.
- Primary Configuration: TDAdmin > Organization Settings > Self-Registration > +Add to add a new Self-Registration Profile
- Attribute Mapping Configuration: TDAdmin > Security tab > Configure SSO to adjust how LDAP/SSO attributes map to TeamDynamix user fields
Self-registration relies on your organization's Lightweight Direct Access Protocol (LDAP) or Single Sign-On (SSO) directories. When a user from the organization attempts to log into the Client Portal, a new user record is automatically created using their organizational credentials from LDAP or SSO.
We strongly recommend using self-registration as the primary method for creating organizational users. This approach helps reduce the burden of importing thousands of users who may never actually use the system. With self-registration, organizational users are automatically created on demand, simplifying the entire process.
When enabled, if someone tries to log in through the organization's login page without an existing TeamDynamix account, the system will attempt to retrieve their information from LDAP or SSO. It will then create the user account based on a configured template and log them in automatically.
In this article, we’ll cover:
Before configuring self-registration, ensure you have:
- Authentication providers configured for your organization's LDAP or SSO
- At least three mapped attribute values: First Name, Last Name, and Email
- Defined security roles for different user types
For authentication provider setup, see the Getting Started with Authentication and Single Sign-On (SSO) article.
When self-registration is configured and enabled for your organization, users who do not have TeamDynamix user accounts can access the Client portal login page for your organization ([yourorganization].teamdynamix.com/TDClient/) and sign in using their organizational credentials that exist within your LDAP or SSO provider (such as Microsoft Entra ID, Okta, or Auth0). TeamDynamix will attempt to match the provided username against customers' alert, primary, and alternate email addresses (in that order).
Self-registration handles existing records intelligently. If the email address retrieved from LDAP or SSO matches an existing active user in the People database, that user record will be 'promoted' to a full TeamDynamix user account, avoiding the creation of a duplicate account. However, if the associated user record is inactive, a new user account will be created instead.
The default information included in new user records is determined by the self-registration profiles configured in TDAdmin. You can create multiple profiles that differentiate user types based on specific criteria in LDAP or SSO, allowing for different default user templates for those who self-register.
When setting up multiple self-registration profiles, they will be processed in the order they appear. The first profile that successfully matches the user’s credentials will be applied, so it’s important to consider the order carefully when configuring these profiles.
When a user attempts to access the client portal:
- User navigates to [yourorganization].teamdynamix.com/TDClient/ and enters credentials
- System checks if a TeamDynamix account already exists
- If no account exists, the system queries LDAP/SSO for user information
- System processes self-registration profiles in order until one succeeds
- If the user's email matches an active customer record, that record is promoted to a user account
- If no matching active customer exists, a new user account is created
- User is automatically logged in with appropriate permissions and settings
A self-registration profile can operate using either LDAP or SSO, depending on the specified authentication provider in the profile settings. Authentication providers are set up separately when configuring authentication in TeamDynamix with your organization's LDAP or SSO provider. For more information on authentication providers, refer to the article Getting Started with Authentication and Single Sign-On (SSO).
By combining self-registration profiles with authentication providers, you can provide users with meaningful default settings that will be applied when their user account is created during their first login.
These defaults include:
- Security Role
- Groups
- Account/Department
- Dashboard
- Client Applications
- Employee Status
To configure a self-registration profile:
- In TDAdmin, navigate to Organization Settings > Self-Registration. Here, you can create new profiles or edit your existing ones.
- Click + Add
- Click Edit
- Name your Self-Registration Profile (for example: Students)
- Determine the settings for the Profile you are creating.
- You must select a Security Role
- If you are creating a Self-Registration profile for Students, assign them to a Student Account/Department, grant them a Client Portal Security role, and add them to relevant groups as needed.
- Apply Client Portal Security
- Important: Review the permissions on your selected security role to ensure appropriate access levels for self-registered users
- Save, then Activate the profile
- Create any additional profiles that you need
Custom attribute mapping allows you to specify which LDAP or SSO attributes correspond to TeamDynamix user attributes. This is configured separately from self-registration profiles and is essential for proper user data integration.
With both types of authentication providers, you have the option to provide custom self-registration mappings. These mappings allow you to manually specify which LDAP or SSO attributes will map to which TeamDynamix user attributes.
To configure attribute mapping:
- In TDAdmin, click the Security tab, then Configure SSO
- Map your organization's attributes to TeamDynamix fields
- Ensure you have mapped at least: First Name, Last Name, and Email (required)
LDAP authentication providers allow you to specify multiple LDAP attributes per TeamDynamix User attribute. You can optionally set up multiple authentication providers to provide differentiation between certain user groups based on their authentication methods.
For detailed SSO configuration guidance, review our SSO Articles.