Account management capabilities
This page explains how you can manage customer identities.
Account management empowers your support team to provide guided help for customers in every aspect of their accounts in a no-code or low-code fashion.
Customer support can quickly resolve issues related to
- personal information (Account attributes)
- authentication (Authenticators)
- identity verification (Identity verification)
Activity logs provide insights into various account events to diagnose setbacks customers ran into. Consent logs help you see on an account basis where you stand with fulfilling compliance requirements.
Customer support can also manage group memberships that control which contents an account has access to.
Your support team can start assisting customers in the Account management menu in the Admin Console.
Available accounts will be listed by identity stores. You can switch between identity stores using the drop-down on the left. Once you're in the right identity store, you can find accounts by specific parameters by opening Search on the left.
Your support team can track down accounts by various parameters in an instant using account search. They can also pin search fields to the top of the tab to keep the most frequently used fields close to hand.
You can learn more about search options here.
Account quick actions
Some actions can be accessed on the main tab before taking a deeper dive into account management. Quick actions appear in the list header when one or more accounts are selected.
|Delete||Deletes the selected account(s) from the identity store. Irreversible action.|
|Add to group||Adds the selected account(s) to a group of choice. Available groups will be listed in a new dialog box.|
|Remove from group||Removes the selected account(s) from a specified group. Available groups will be listed in a new dialog box.|
|Enable||Enables the selected account(s). The account holder can log in and access their data.|
|Disable||Disables the selected account(s). The account holder can't log in to their account and access their data but their identity will continue to be stored.|
Account labels allow you to take a quick glance at the status of an account.
|Enabled||When an account is enabled, the customers can log in and edit the personal information they have access to.|
|Disabled||When an account is disabled, the customer can't log into the account.|
|Verified email||When an email is verified, it can be used for multi-factor authentication and sending notifications to the customer.|
|Unverified email||When an email is not verified yet, it could mean that there was an activation email or invitation sent to the customer that wasn't completed yet.|
|External identity||The customer has registered with an enterprise or social identity.|
Once you've identified the account you want to edit, click anywhere on the account to jump to the selected identity's profile.
The profile of the account will open.
Account overview panel
Usually, when something's out of sight, it's out of mind. That's why essential customer information and account actions are brought to the fore on account profiles. The information that immediately identifies the account will always be in sight while browsing tabs.
|Download account information||Customer service can download every information related to the account in HTML or JSON format.|
|Disable/Enable account||Customer service can change the status of the account to disabled or enabled. When an account is disabled, the customer can't log into the account.|
|Delete sessions||Customer service can delete active sessions. When a customer returns to their usual browser, they will be required to re-authenticate.|
|Delete account||Customer service can delete the account from the identity store. Irreversible action.|
Customer service can make changes to an account's basic profile information here.
Attributes can be configured on an identity store basis. Every attribute is available here that's made visible in the Admin Console. Every attribute can be modified where editing in the Admin Console was allowed.
Customers can be notified about this type of update. You can check the Customer notifications section for more information about which branding and notification policies can be applied in different scenarios.
Account event logs
While troubleshooting problems for a customer, your service desk can pull up every event log related to the account in the Activity tab:
For more information, see our detailed description of account event logs.
Group memberships of an account can be managed here. Every group that the account is a member of is listed.
The account can be added to any group available in the identity store. The account can also be removed from any group.
Removing group memberships will block access for the customer to applications where group restrictions apply.
When customers turn to your service desk in their final effort to recover their accounts, your customer support team is equipped with just the right tools to resolve authentication issues.
Image: Authenticators page showing Email magic link, soft token, and security key MFA methods configured
Customers can be notified about authenticator updates. You can check the Customer notifications section for more information about which branding and notification policies can be applied in different scenarios.
Send password reset email
Customer service can initiate a password reset for an account. The password reset notification will provide the customer with a secure link to self-service reset their password.
When left with no other option, service desk personnel can opt to change a customer's password directly from the Admin Console.
Add new authentication methods
You can provide customers with secondary authentication methods from the Admin Console. Customer service can also add a new email address or phone number to a customer's account:
Delete an authentication method
If customers lose their mobile devices or can't log in to their email accounts, customer service can help with just a few clicks by removing those methods.
Customer service can manage the active sessions that a customer is still logged into across devices.
- browser type
- geographic location and
- IP address from where the session originated
Sessions can be terminated manually here. In the event of session termination, any access from that browser will cease. If a customer uses that same browser again, they will be required to re-authenticate.
Customer service can manually verify a customer's identity in case the user can't get through the identity verification flow, but your team has ample proof to establish trust in the identity. Successful identity verification can be revoked also in case the identity carries a risk.
Here, your team can access the consent history of the account. You can get access to this data from account information download files to satisfy data requests according to your regulatory and privacy standards.
The consent log contains
- the list of consents customers have agreed to,
- the time of the agreement,
- and the time of opt-out for outdated consent versions or manually revoked consents.
Customer service can notify customers about the changes made to their account, whether it's an update to profile information or enrollment of new authenticators. In every case, a client needs to be selected to send the notification.
Changes take immediate effect.
This guide indicates which support actions notifications are available for.
Clients provide customer journeys: customers get access to their accounts through them. The policy configurations you apply to applications and/or organizations are implemented by clients. However, configurations apply conditionally to clients: the experience customers will ultimately see on their screens not only depends on what's assigned to the application but on the type of account as well using that client.
Scenario #1 If the customer is part of an organization, then only clients that belong to organizational applications, in general, can be selected. In this case, the customer experience (in this case, branding and notifications) of the client is determined by the organization that the account is part of.
Scenario #2 If the customer is not part of an organization, then only clients that belong to non-organizational applications will be listed. In this case, the branding and the notification policy of the application will apply to the notification.
Updated 7 days ago