TruU Tenant Setup

Configuring Primary User Identifier

There are many areas in the TruU solution that rely on user attributes as defined in the corporate directory. Most notably, User Attributes are used as follows: 1) To identify users in the User Self-Service portion of an Enrollment Workflow and/or to login to the User Portal 2) To dynamically assign users to Entitlement Groups based on User Attribute values 3) To provide virtual badges to the correct user by matching a user from the PACS to the user directory when using Lenel OnGuard for physical access 4) To send emails and/or SMS to users either invite them to use TruU when clicking the email icon in the “Users” page, or to provide a user with an enrollment link as part of the self-service step in an Enrollment Workflow.

Configuring Primary User Identifier NOTE: Email and Phone Number attributes can be configured to allow or disallow for sending magic links to users. This can be done by clicking the box(es) next to the attribute name and using the Actions menu, or by clicking on the row to configure the attribute. Also note, SMS messages can only be sent to phone numbers stored in E.164 format Adding Global Attributes Global attributes provide an ability to map attributes and/or transformations across directories in your tenant. These attributes are made available to the platform for any of the purposes mentioned above. To add a global attribute, you must:

Click the (+) button
Give the attribute a “Name”: this is how the attribute will be labeled in an Identify Verification Workflow
Enter in “Help Text” that will appear in the input field as an example of what the attribute should look like
Identify the attribute “Type” by selecting the type in the drop-down
Map the User Attribute or a Transformation for each Directory in the tenant for this Global Attribute

Editing / Deleting Existing Attributes Click on the row of any attribute you wish to edit to open up a dialog box to modify the user attribute definition. You can delete any global attribute that is not being used by Configure Special Case Attributes There are some attributes that server a special purpose for TruU and need to be configured here. Click the Gear icon to expose the “Special Case Attributes” menu:

The special case attributes are as follows:

Primary User Identifier: this is the attribute that is used for user search in the Admin Console and the primary attribute that is used to identify a user in all identity verification workflows
Email: this is the email attribute that TruU will use for any system generated emails
Display Name: this allows you to specify which attribute will be used as the display name for users in the Admin Console, User Portal and on authenticating devices
Manager Lookup Attributes: this allows you to specify which user attribute your directory uses to indicate who is the manger and which attribute TruU should use to look up the manager in the directory. When using cloud directories to lookup a user’s manger (either for sending an invitation or for routing an identity verification request), the way in which the manager attribute may be stored can vary
- Entra ID: Entra ID has a special api call for retrieving the manager. If the Entra ID attribute configured as the “Manager” attribute is “manager” then the second attribute will be ignored
- Google Cloud Directory: The GCD LDAP schema does not support the built in manager attribute in GCD. In order to use manager lookup with GCD, you will need to add a custom attribute and use that as the “Manager” attribute