IDHUB | RapidIdentity Claim Process Best Practices

As an administrator, you will need to decide how your users will claim their accounts in the RapidIdentity Cloud Portal. Options for new deployments and for existing customers with an on-premises solution who are converting to the RapidIdentity Cloud are outlined below.

New Users

We offer the following options for users to access their account for the first time:

• Source Data - We can configure a claim policy based on your source data. The policy will allow a user to claim their account with data available from the source. This can be a combination of specific data (e.g. Birthdate, employeeID). All data will need to be in the same format for the policy to work (i.e. 1989-04-28 will be recognized as the user’s birthdate if configured this way in the source, while a user entry of 4-28-89 will not). Any combination of attributes available in the source system can be used to configure this policy. It is recommended that the format (i.e. YYYY-MM-DD for birthdate) is clearly communicated to the end user. This can be done in the interface, as pictured above.
  

• Claim Codes - Identity Hub will automatically generate a random claim code for all users. Users can use the claim code along with their email or phone number. In order to use this option, you will need to provide user’s their claim code out-of-band. For automation options, discuss with your Identity Automation implementation team.
  

• Default Passwords* - A default password can be generated for all users. This will need to follow a logical pattern (i.e. “School Name ” and “employee ID” springfield0123456). This option is not recommended because other users or malicious actions could figure out this formula and use it to access other user’s accounts.

Identity Automation recommends the use of Source Data or Claim Codes as a secure means of providing users with access to the system.

Important Notes

• Upon a successful claim, the user will be prompted to configure their challenge questions and answers, if you have chosen this option.
• When an account is claimed, the username is provided to the user.
• An initial password will need to be set by the user.
• By default, account claims are only allowed once.

For additional information on best practices and recommendations around staff and student password configurations, see the RapidIdentity Best Practices with Passwords.