Enhancement - New User Invite/Registration Flow

As part of our efforts to deprecate non-public APIs, we are simplifying the new user invite and registration process.

The original flow required users to enter a password, as well as additional information required for password reset, before being able to enter the product. We’ve heard from many customers, however, that they are not able to require employees to use a personal email or phone number due to unions/labor laws.

Beginning on June 24, the old user registration UI will be retired, and all new users will instead be prompted to create a new password with the existing Password Reset UI upon clicking the link from the email. They will only be required to create a new password before entering Identity Security Cloud.

Upon entering ISC, the user will see a notification letting them know that they are missing information required for password reset. A user can dismiss this prompt from the X, or it will disappear after 30 seconds. However, this notification will appear each time a user logs into the system and still has missing information.

By clicking on “Learn More” in the notification, they will be redirected to the preferences page to enter the missing information for whichever method they choose.

If you have any questions or run into any issues, please reach out to your CSM. Thank you!

Rollout Schedule

Sandbox Release - Week of June 17

Production Release - Week of June 24

FAQ: SailPoint User Invite Email, Registration, and Password Reset

Q1: What is new/changing?

Sustain User Invite Email, Registration, and Password Reset provides a refreshed approach to sending user invites and resetting passwords that no longer leverages non-public APIs and enables a simplified user experience. With this change, the password reset options are shifted from registration to post-login.

Q2: Why are we introducing this new capability?

SailPoint is currently underway on a larger deprecation effort of decommissioning several non-public APIs (also known as CC decommissioning). The existing user invite, registration, and password reset functionalities within Identity Security Cloud leverage components of those non-public APIs, and SailPoint is updating the business logic for these processes to no longer leverage those non-public APIs to assist in the deprecation effort.

Q3: What are common use cases?

With existing functionality today, new users who are sent registration emails are prompted to register personal information that will aid in password resets. However, they are not granted access to ISC until they add in their personal information for password resets.

With the updated functionality, users are only required to register a new password before entering the product. They are then notified on the Home page that they are missing important personal information required for password resets and are given a link redirecting them to the Preferences page to enter that information.

Users can dismiss this prompt with the X option. Or they can wait, and the prompt will disappear after 30 seconds. However, this notification will appear each time a user logs into the system until they enter their personal details needed for password resets, as specified by their administrators.

Q4: What is the value to customers?

Customers will have an updated User Invite and Password Reset experience that is more forgiving in granting access to the product, enables continued business operations, and leverages non-deprecated components. Also, the new functionality will continue to enforce and strongly recommend best practices around ensuring appropriate information is entered to enable password resets for end users.

Also, customers who cannot require users to use a personal phone or email to register now can grant access to the product without being forced to enter additional details. Instead, users can choose which information to add post-login.

Q5: What happens if a user needs to reset a password but has not registered alternate forms of information?

In this case, a user will need to contact the helpdesk to reset their password.

Q6: Where can I find more information?

For additional information on the non-public API deprecation, please see the Developer Community post Non-Public API Deprecation.

Great Enhancement :clap: :clap: :clap:

@Tyler_Harman For organizations using PTA, will this bypass MFA?

Yes @austin_alexander, it is bypassing MFA. I was able to validate it. The user can set the password using the URL.

This is not an “Enhancement” in our environment of 70,000 plus users.
This Warning is vague and dismissible, thus creating a lot of tickets and calls into our helpdesk. I will be reaching out to our CSM to opt out.

Cody

Unfortunately, there is no “opting out” of this. Also, are you stating that this is already causing users to create tickets to helpdesk for you? I understand that you are concerned with that happening, but this has only been released to sandbox thus far, so I’m not sure how that could already be the case.

We can look at tweaking the language some to make it clearer. Perhaps we could even default them to the preferences page to enter the information. Would that help your situation at all?

Tyler

Hello Tyler,

Yes, we are already getting calls and tickets.
For some reason this was already pushed to our production environment.

Something along the lines of “You will not be able to reset your password without configuring your security questions. Click here to complete setup” would be nice. Is it possible to pop up center screen?

Defaulting to the preference page would also definitely help if it’s only for the first login.

Thank you,
Cody

Thanks for the reply, Cody!

Yeah, I think that we should be able to target the center of the screen with the notification and make it bigger, plus change the language. I’ll look into this with the team and hopefully have more information soon.

Tyler

Cody

I also just thought that you could edit the user invite email template to change the default URL to be the preferences page. Might be worth a try in the interim.

Tyler