User Provisioning

Temporary access pass should be enabled for your Azure AD workspace for all users or at least for the ones you want to register on their behalf. You can find more details on this here.

The target user should be imported from Azure AD, using Import from Azure AD option in Users & Security Keys, or be synced with Azure AD, so that there is an equivalent user in your Azure AD.

When an IDmelon administrator tries to import users from Azure AD for the first time, they will be asked to log in to Azure to grant necessary permissions. The admin who is doing so cannot provision themself in IDmelon, as Azure prevents this action. For example, if [email protected] is used to import users from Azure AD, this user can't be provisioned from IDmelon Panel.

The target user should be assigned a passkey security key, but it is not necessary to be activated in IDmelon Admin Panel.

Choose a user you have imported from Azure AD >> Click Action >> User Provisioning.

A wizard will ask you to select a service and say that OBR will be enabled, and as long as it is so, any credential registration will take place on the selected user's security key. Select Microsoft Azure AD and follow the instructions.

User must install IDmelon Authenticator app on their smartphone.

User security key status must be active in administration panel (Admin must add the user to the panel via invitation email and user must accept the invitation).

Choose a user you have imported from Azure AD >> Click Action >> User Provisioning.

Select Other Devices to start OBR by other kinds of devices and click on Start OBR.

IDmelon Pairing Tool will open and has to be Ready for on behalf registration.

Now administrators can register account for their specific user.