Subsections of User Management
Create and Invite Users
Auto provisioning of Users
Auto provisioning is automated management of all users for an organisation. Authway supports auto provisioning of users, which allows a smoother user experience, better efficiency and improved security.
Configure auto provisioning for an organisation (tenant)
Search for the organisation (or choose My organisation) and switch to the Settings tab. Choose the sign-in alternative that should be enabled for auto provisioning, or configure a new tenant-specific sign-in alternative. Register one or more trusted e-mail domains (Authway considers everything after @ as the e-mail domain).
Configure Groups
Any group in Authway can be set as an External group. A group is made external by enabling that setting and entering the name or unique identifier of the group from the home directory. It is not possible to manually add or remove users from an external group; instead, a user is added to or removed from the group during sign-in, depending on whether the group is received from the home directory.
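The sign-in decision described in the two sections above, as an added example that is not Authway's own code: a user is auto-provisioned only when the e-mail domain is on the tenant's trusted list, and external-group membership is recomputed from the groups received from the home directory. The function names, the case-insensitive exact domain match and the sample identifiers are assumptions.

```python
from dataclasses import dataclass, field

def email_domain(email: str) -> str:
    """Return everything after the last @, lower-cased (lower-casing is an assumption)."""
    local, at, domain = email.strip().rpartition("@")
    if not (local and at and domain):
        raise ValueError(f"not an e-mail address: {email!r}")
    return domain.lower()

@dataclass
class SignInResult:
    provisioned: bool
    add_to: set = field(default_factory=set)
    remove_from: set = field(default_factory=set)

def reconcile_sign_in(email, idp_groups, trusted_domains, external_groups, current_groups):
    """Decide auto-provisioning and external-group changes for one sign-in.

    trusted_domains: e-mail domains registered for the tenant
    external_groups: local group name -> name or identifier in the home directory
    idp_groups:      groups received from the home directory at this sign-in
    current_groups:  local groups the user belongs to before this sign-in
    """
    trusted = {d.lower() for d in trusted_domains}
    # Exact match only: a longer domain that merely starts or ends with a
    # trusted one is a different domain and is not auto-provisioned.
    if email_domain(email) not in trusted:
        return SignInResult(provisioned=False)
    received = set(idp_groups)
    should_have = {name for name, ext in external_groups.items() if ext in received}
    # Only external groups are reconciled; manually managed groups are untouched.
    current_external = set(current_groups) & set(external_groups)
    return SignInResult(True, should_have - current_external,
                        current_external - should_have)

# Constructed sample data (identifiers are placeholders, not real object IDs).
TRUSTED = ["authway.co"]
EXTERNAL = {"Administrators": "00000000-0000-0000-0000-0000000000a1",
            "Drivers": "00000000-0000-0000-0000-0000000000d2"}

if __name__ == "__main__":
    r = reconcile_sign_in("Anna@Authway.CO", ["00000000-0000-0000-0000-0000000000a1"],
                          TRUSTED, EXTERNAL, {"Drivers", "Newsletter"})
    print(r)
```

In the sample run the user gains Administrators and loses Drivers, while the manually managed Newsletter group is left alone.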
Sample form to get required information from customers
At [YOUR ORGANISATION], we want to give you the best possible service and the smoothest possible experience with our digital services. We therefore recommend that you use the logins that your employees already have in your organisation, so-called single-sign-on (SSO). It is both smoother and more secure.
-
How do your users log in to your own IT environment?
[ ] Microsoft Entra ID (e.g. if you use Microsoft 365 (Office))
[ ] Local AD or other alternative
[ ] We do not want to use existing logins (SSO)
If you have answered “Local AD or other alternative” above, our respective IT departments need to talk to each other to see if it can be resolved. If you have answered “Microsoft Entra ID” above, you (or your IT department) can answer the following questions. For each question you answer, your administration is simplified.
-
Enter your Microsoft Entra ID:
By entering your Entra ID, users will be able to log in with their existing accounts in your organization (SSO).
-
Enter the Object ID for one or more security groups that you want to map to the following roles in [YOUR SERVICE]:
[GROUP 1]:
[GROUP 2]:
[GROUP 3]:
[GROUP 4]:
[GROUP 5]:
By doing so, your users will automatically receive the correct permissions in FleetWeb based on which groups they belong to in Entra. Please note that you or we still need to control which companies and cost centers users with higher permissions than Driver will have access to. FleetManager must also be approved by the company signatory.
-
Enter the email domains (the entire part after @, e.g. authway.co) that you want users to be able to automatically log in from:
By entering email domains, your users can automatically log in without the need to administer them in our services.
Verify User Emails
Authway uses e-mail addresses as the default username, so to ensure that users keep control over their accounts it is important to verify that the user is in control of the e-mail address. We recommend that e-mail verification is required; this is configured for the service by IRM (during initial configuration or added later).
The verification is done in one of two ways:
- If the user is invited, the invitation is sent to the user's e-mail address with a magic link. When the user clicks the link to create their account, the e-mail address is verified by the magic link. The magic link is by default valid for 3 days.
- If a verified e-mail address is required (by the service configuration) and the user's e-mail address is unverified, the user will be required to verify the address during sign-in. This is done by sending a time-based one-time password (TOTP) containing six numbers to their e-mail address. When the user enters the correct code, the e-mail address is verified and the user can continue. The code is valid for about 15 minutes.
The second option is very common after migrating users or when the requirement to verify the e-mail address is turned on after the service has been used for a while. Invited users will always get their e-mail address verified through the invitation, even if it is not required by the service.
It is also possible that the e-mail address is automatically verified by a trusted external sign-in, such as Microsoft Entra ID (Azure AD).
The requirement to verify the e-mail address can also be configured differently per organisation (tenant).