Enrollment

In the Enrollment top menu, you can see which identity services the user has enrolled with. Here you can also add enrollments for identity services (Personal Email and Mobile Code (SMS)) without user intervention if your administrator has configured this. Certain identity services can also be removed so that the user can re-enroll with them.

Managing Enrollments

If configured, Service Desk agents can enroll users with Personal Email and/or Mobile Code (SMS) without any user intervention.

Note

Enrollments can only be added after the user's identity has been verified. See Verify identity for more information on identity verification.

Note

Only those identity services that are correctly configured will be shown on the Add enrollment page.

To add enrollment for a user:

Verify the user (see Verify identity for more information).
Click Enrollment.
In the User enrollment info section, click the Add enrollment button.
Enter the user's phone number or personal email and click Send Code.
Have the user read the verification code they received to the Service Desk agent.
Enter the verification code in the Verify Code field, then click Add Enrollment.

Once the user has been enrolled with the identity service, it will appear in the User enrollment info section.

Managing Specops:ID Registration Sessions

To simplify registration with the Specops:ID mobile app, a Specops:ID registration session can be created. A registration session is a short-lived session that allows a user to register their account with Specops:ID. The user completes the registration by scanning a QR code with their mobile phone, or by tapping a corresponding URL.

Registration sessions can only be used once. When a user has completed the registration, the session is consumed and cannot be reused. If a session expires before the user accesses it, a new session must be created. Registration sessions can only be created for users who have not already enrolled with the Specops:ID identity service.

Notifications

Specops:ID registration sessions use notifications to inform users that they can register. Before creating a registration session you should take a look at the configured notifications for the Specops:ID identity service.

A notification can be created for email and/or text message. For email notifications, make sure the EnrollQRCode placeholder is included in the email body. This displays the QR code that the user can scan from Specops:ID to complete the registration. For text message notifications, include the EnrollUrl placeholder instead. This allows the user to tap the URL in the text message to start Specops:ID and complete the registration.

Manage Sessions from Specops Secure Service Desk

Specops:ID registration sessions can be managed from Specops Secure Service Desk, or by using PowerShell scripting, see Specops:ID Registration Sessions.

To configure this in Secure Service Desk:

Find the user (see Search for a user).
Click Enrollment.
Navigate to Specops:ID.

If a registration session already exists for the user account, it is displayed under Registration Session. From here, you can view the session status, add a new session, remove an existing session, and send a notification.

You can also manage the Specops:ID notifications from here. Clicking the button opens the Identity Services settings for Specops:ID, where you can view and update the existing email and/or text message notification templates. Also refer to Notifications.

Managing Specops Verified ID Enrollments

Specops Verified ID can be configured to match user information with ID document data. This can be done in Specops Secure Service Desk or by using PowerShell scripting, as described in Specops Verified ID Matching rule considerations.

To configure this in Secure Service Desk:

Date of birth: The Date of Birth Matching setting requires users to be pre-enrolled with a date of birth. The setting is further described in Configuring Specops Verified ID. Enter a value to pre-enroll the user with a date of birth.

The configured value is protected and cannot be viewed or edited.
Legal name: The user's name in Active Directory or Entra ID may differ from the legal name on the ID document. This mismatch can cause the ID document capture step to fail. To resolve this, enter the legal name to enroll it for comparison during authentication.

The configured value can be viewed and edited.