Skip to main content

User Lifecycle

User provisioning and onboarding in Raidiam Connect is tightly controlled and depends on organizational setup. There are two primary pathways for account creation:

  • Invite-based onboarding: Only administrators (Super User or Org Admin) can issue invites to initiate account creation. There is no general self-service registration form/endpoint for end users outside of federated login scenarios.

  • Federated Login/Just-in-Time (JIT) Provisioning: When an external Identity Provider (IDP) is linked, users trigger their own account creation at first login via the IDP. The platform automatically provisions the account with mapped attributes and permissions, determined by the IDP’s claims/profile. For more information, see: Just In Time User Provisioning Overview, Adding External IDP, Managing Organisation IDPs.

User Creation & Onboarding

User accounts in Raidiam Connect can be created through two primary pathways, depending on your organization's setup and integration options.

Manual (Invite-Based) Onboarding

  • In organizations without an external Identity Provider (IDP), all user onboarding begins with an invitation.

  • The Super User has the exclusive capability to invite the initial Org Admin via the OP Admin interface or the main web UI.

  • After this initial setup, Organization Admins can invite or add additional users for their own organization, leveraging the relevant admin console workflows.

→ Onboard and manage Users in Raidiam Connect

External IDP (Just-in-Time Provisioning, JIT)

  • If an external IDP is linked to your organization, users can self-provision simply by logging in with their external credentials.

  • On the first successful login attempt, Raidiam Connect automatically creates a user record for the new individual, using information pulled from the IDP. Roles, groups, and attributes are assigned dynamically based on the IDP claim mapping configured for the organization.

  • This approach enables flexible, on-demand user onboarding driven by your source-of-truth directory or identity system.

→ Provision Users coupling external SSO with fine-grained, policy-driven permission management. Learn more about JIT Provisioning.

Required Fields for Invite-Based Creation

When onboarding users via manual invite, the following minimum information must be provided:

  • Email address (used as a unique identifier)

  • First and last name (optional in some organizational flows)

  • Organisation assignment

  • Initial role(s)

  • Any mandatory consent acknowledgements

info

For users provisioned via JIT, all necessary metadata—including name, email, and roles—are mapped automatically from the external IDP’s claims. The contents and mapping logic are configured per organization as part of your IDP/JIT setup.

User Deactivation & Retention

  • Only soft-delete (inactivation) is supported; accounts are never fully deleted.

  • Deactivated users are retained in the system with an inactive status.

  • All actions—including deactivation/reactivation—are logged for audit/compliance.

  • Org Admin/Super User may reactivate users if permitted by their role.

info

Inactive users cannot authenticate, receive new invites, or access services, but all historical changes and records remain preserved for compliance and auditability.

Open Book IconTABLE OF CONTENT