探花大神

Manage Passwords in External Directories from 探花大神 (Password Takeover)

When you bind users to external directories like Google Workspace and Microsoft 365 (M365)/Entra ID, 探花大神 starts to manage their identities in those directories. When a bound user sets up their 探花大神 password and logs in to their User Portal, 探花大神 takes over management of the password in the external directory as well. We call this password takeover. The password is synchronized for those users any time they log in to the User Portal after a change has been made to their user record. This helps centralize identity and provides consistent, predictable password management within 探花大神, for both Administrators and Users.

Note:

Password synchronization will be logged by the external directory as a password update. The User might be logged out of their existing Google Workspace or M365/Entra ID sessions and will receive a notification of a password update. A corresponding login event can be found in 探花大神 to verify that the password update was a synchronization with 探花大神.
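The verification described in this note, sketched as an added example (not vendor code): it correlates external-directory password-update events with User Portal login events and flags updates that no login explains. The event field names, the sample records and the 5-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names are assumptions, not a real export schema.
PORTAL_LOGINS = [
    {"user": "alice@example.com", "time": "2024-05-01T09:00:05Z"},
    {"user": "bob@example.com", "time": "2024-05-01T08:00:00Z"},
]
DIRECTORY_PASSWORD_UPDATES = [
    {"user": "alice@example.com", "time": "2024-05-01T09:00:20Z", "directory": "M365/Entra ID"},
    {"user": "bob@example.com", "time": "2024-05-01T11:30:00Z", "directory": "Google Workspace"},
    {"user": "carol@example.com", "time": "2024-05-01T10:15:00Z", "directory": "M365/Entra ID"},
]


def parse(ts):
    """Parse a UTC timestamp of the form 2024-05-01T09:00:05Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def classify_updates(updates, logins, window=timedelta(minutes=5)):
    """Label each directory password update.

    'sync'        -> the same user logged in to the User Portal at most
                     `window` before the update (assumed sync delay).
    'unexplained' -> no such login; worth an analyst's review.
    """
    logins_by_user = {}
    for login in logins:
        logins_by_user.setdefault(login["user"].lower(), []).append(parse(login["time"]))

    results = []
    for update in updates:
        updated_at = parse(update["time"])
        user_logins = logins_by_user.get(update["user"].lower(), [])
        matched = any(timedelta(0) <= updated_at - t <= window for t in user_logins)
        results.append({**update, "verdict": "sync" if matched else "unexplained"})
    return results


if __name__ == "__main__":
    for row in classify_updates(DIRECTORY_PASSWORD_UPDATES, PORTAL_LOGINS):
        print(row["time"], row["directory"], row["user"], row["verdict"])
```

Tune the window to the sync delay you actually observe between the two log sources before alerting on the `unexplained` verdict.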

Considerations:

  • External directory passwords aren't sent and managed by 探花大神 until users log in to their 探花大神 User Portal for the first time after they're associated with a directory.
  • Remind your users that if they want to change their password, they should do so through their 探花大神 User Portal.
    • If a User changes their password in an external directory, it won't be automatically updated in 探花大神 until the next time the User logs in to their User Portal.
  • 探花大神 previously required that a user reset their password in 探花大神 to complete synchronization with your external directory. If you had users who didn't complete that step, their password will be synchronized the next time they log in to 探花大神.
    • As a result of this password update, the user might be logged out of existing Google Workspace or M365/Entra ID sessions and get notified of a password update.
  • M365/Entra ID treats a password sync as a password reset regardless of whether or not the password changed. When a user's attributes are changed in 探花大神, the next time that user logs in to the 探花大神 User Portal, a synchronization occurs with M365/Entra ID.
    • The synchronization includes the user's password, which triggers reset password and refresh token update events in M365/Entra ID, even if the user's password didn't change. A Microsoft password reset typically logs users out of their locally installed Microsoft applications, like Teams and Outlook, both desktop and mobile.
    • If your organization has automation that regularly updates user attributes, users may be logged out of these applications more frequently.
  • Leverage JumpCloud's Bookmarking feature to streamline your users' experience from their User Portal.

Note:

The flow differs slightly for active and new users. 

Flow for Active Users

An active user is a user in an 'active' user state who has a password with a password status of 'active'. After an administrator binds an active user to an external directory, the user receives an email telling them which directory they've been added to and asking them to set their password by logging in to their 探花大神 User Portal. Once they've done this, 探花大神 will manage their password for that external directory.

When the User logs in to the 探花大神 User Portal, a notification will indicate that their password was updated.

In the external directory, the password will be updated, resulting in the user being logged out of existing Google Workspace or M365/Entra ID sessions. Users will receive a notification from Google Workspace or M365/Entra ID that their password has been updated.

Users That are Bound to More Than One External Directory

Users will receive a new email for each individual external directory that they are bound to. The flow for users bound to more than one external directory is the same as for active users. 

Flow for New Users

A new user is a user in an 'active' user state with a password status of 'password pending'. After an administrator binds a new user without a password to an external directory, the user receives a Welcome to 探花大神 (activation) email that takes them through how to set up their new account. After the user sets up their account, creates an account password, and logs in to their User Portal, their password is sent to the external directories they're bound to. From then on, 探花大神 manages the passwords for all external directories that the User is bound to.
