Set up an enrollment process

• Applies to: all Board Cloud subscriptions associated with a Subscription Hub

HOW: Create and configure a new enrollment process

The Enrollment process can be done one of two ways: with direct approval or with manual approval. Both ways are described below.

Direct approval enrollment process

To set up a direct approval enrollment process, proceed as follows:

1. Configure an external identity provider (IDP) that will handle identity information and user authentication. Board supports SAML2 and OIDC external identity providers

2. In the Default authorizations page, select the external identity provider you previously configured, define a main license, integration with Microsoft Office, culture and assign default authorizations for every Board platform associated with the Subscription Hub. The system will apply those setting to all users accounts created via the enrollment process

3. Enable the Enrollment feature, by clicking on the "ENABLE FEATURE" blue button in the upper right corner of the page

When a new user logs into Board through the configured external IDP for the first time, a new user account is created and saved within the Subscription Hub.

Please note: for the direct approval enrollment process to work, additional configuration managed by Board Cloud team is required. Please submit a ticket through Board Support Desk for further assistance.

Manual approval enrollment process

To set up a direct approval enrollment process, proceed as follows:

1. In the Request form page, create a request form that users will fill out during the enrollment process by adding new fields with the "+ FIELD" button

2. (Optional) In the Approvers page, select one or more users to be tasked with the requests approval

3. In the Default authorizations page, choose an authentication type, Board authentication or an external identity provider (IDP), that will handle identity information and user authentication. Board supports SAML2 and OIDC external identity providers.
   Define a main license, integration with Microsoft Office, culture and assign default authorizations for every Board platform associated with the Subscription Hub. The system will apply those setting to all users accounts created via the enrollment process.

4. Enable the Enrollment feature, by clicking on the "ENABLE FEATURE" blue button in the upper right corner of the page

User Access Request

Once a manual approval enrollment process is in place, the user can request access to Board through the following process:

1. The user navigates to the Board sign-in page and clicks on "Request Access"

2. The user is prompted to fill in the mandatory email field which automatically sends a verification email to the user for validating their email address

3. In the verification email, the user clicks on the link provided to validate the their email address. The user is then taken to the request form to proceed with the enrollment process

4. Once the request form has been filled out, the user clicks on "SEND REQUEST" to complete their access request. The system sends a notification email confirming the request has been received and is pending approval

5. Designated approvers receive a notification email containing all information entered in the request form and a link to the newly created user account

   Any administrator logged into the Subscription Hub can evaluate and approve new user accounts created by a manual approval enrollment process from the Users home page. These user accounts will have their enrollment status set to New Request. To reject access requests, approvers and administrators will need to select user accounts whose enrollment status is set to New Request, click “DELETE” in the upper left corner of the page and then "yes" in the confirmation popup.

6. Once the access request has been approved, the system sends a confirmation email to the user. The user is then able to access Board with their external IDP credentials.
   In the event that identity information is managed by Board authentication, the user will receive a confirmation email that will prompt them to set a password for their account.

Whenever an existing user logs into Board through an external IDP, the information in their User profile panel is overwritten with the most recent information imported from the external IDP. Manual changes made by administrators are also overwritten, depending on the external IDP's configuration. See the Identity Provider Federation section and Login scenarios for more details.

If a direct or manual Enrollment process is enabled in the Subscription Hub and there are no more licenses available for new users, a specific error page is displayed at the end of the Enrollment process. New user accounts are still created, but they are disabled; to activate them, administrators or approvers will have to manually assign them an available license in the User profile panel or enable them by unchecking the "disabled" checkbox, provided a valid license is assigned those accounts.