Send Password Reset Email During Joiner Workflow

Hey @vic_rinkenberger !

We had a similar requirement that might help in your situation. This solution is assuming 2 things:

  1. You are getting the personal email from your HR source

  2. The identity profile is set up with pass-through authentication (PTA) to the intended AD source

Map the personalEmail you receive from your authoritative source to the personalEmail attribute in the identity profile. In your workflow, you can get the identity that is being onboarded and use the Send Email action to send an email to their personalEmail. Something like this $.getIdentity.attributes.personalEmail can be used in the ‘Send Email Recipient Email Addresses’ field, which relies on the Get Identity action to provide the personalEmail.

The body of the email can contain the instructions the user will receive for how to reset their password or any additional information. The most important part will be for them to go to https://{yourTenant}.identitynow.com/passwordreset/default/reset-password to reset their password. This page relies on the user knowing/entering their username (uid from their Identity Profile) and proceeding with the password reset. You can supply this in the email body, or you can also modify this URL to be https://{yourTenant}.identitynow.com/passwordreset/default/reset-password?username=${uid} using templating context to reference the uid from the Get Identity action.

Once the user receives the email to their personal email address that contains the link to the password reset page and their username, they can then go through the Password Reset process you have configured for their identity profile. Since they can’t access any of their company accounts yet, the only options they will be able to use would be “By providing a verification link sent to alternate email” (this is the personalEmail we sent the initial email to) or “By providing a verification code sent to alternate phone” if you also receive their personal phone from the authoritative source and map it to their identity profile.

Completing the password reset process through ISC will update their Active Directory password (or whatever password is configured on the Identity Profile for PTA) so they can then log into their corporate systems.

Please let me know if this helps in your situation!

  • Zach