Onboarding and Authentication
The onboarding functionality gives a user access to On Key. This enables the user to log into On Key for the first time.
A user has to onboard, before authentication can occur. The authentication is handled by an authentication provider.
Onboarding
To onboard a user, you have to send them an invite. An On Key user, typically an administrator, will send this invite from On Key. Once the user has onboarded, they cannot use the invite link again as the token in the link will be deleted.
To onboard a user, do the following:
- From the On Key main menu, click User Access Management - Users. The User Dashboard opens.
- Select the applicable user from the grid or open the user's edit screen. This must be a user that has never logged into On Key yet.
- Click Assist - Send Invite in the sidebar.
The invite, which contains a link, is sent to the user's email address. Clicking the link will direct the user to the following screen:
From here, the user selects an authentication provider to authenticate and log in with.
Authentication
On Key uses authentication providers to manage the login process. You need to choose an authentication provider in order to complete the login. On Key supports a number of authentication providers.
A user will need to authenticate after onboarding, as well as every time they log into On Key. You will be authenticated by the authentication provider that your organisation makes use of.
To authenticate, do the following:
- Select your organisation's preferred authentication provider from the list. From this point on, the prompts will be from the authentication provider.
Once authenticated and logged into On Key, the Authentications tab on the user will be autopopulated with the authentication provider. Refer to User Authentications for more information.
The default time for the user to remain active in On Key is one hour. If the user has not performed any actions in that hour, the token will expire and a new token will be requested. However, this is an automatic process and the authentication will take place automatically in the background.
When you no longer want someone to be able to access On Key, then the user must be removed from the authentication provider.