Add a User with Options to the Internal Database

To add a new user “with options” means that when you add user records, you can configure additional options for the user. For example, when you finish adding the user information, you can assign a token, add the user to a user group or assign the user an administrative role.

Use this procedure to add users to the internal database. Authentication Manager has read-only access to external identity sources.


  1. In the Security Console, click Identity > Users > Add New With Options.

  2. Decide which options that you want to assign to the new user, and select the appropriate checkboxes.

  3. Click Next.

  4. In the Administrative Control section, from the Security Domain drop-down menu, select the security domain to which you want to assign the user.

  5. Complete the User Basics section:

    1. (Optional) In the First Name field, enter the user's first name. Do not exceed 255 characters.

    2. (Optional) In the Middle Name field, enter the user's middle name. Do not exceed 255 characters.

    3. In the Last Name field, enter the last name of the user. Do not exceed 255 characters.

    4. In the User ID field, enter the User ID for the user. The User ID must be unique within the identity source where you save the user, and not exceed 255 characters. Do not use multi-byte characters, such as


      Note: If this account is for an administrator who requires access to the Security Console, the User ID must be unique in the deployment.

    5. (Optional) In the Email field, enter the user's e-mail address. Do not exceed 255 characters.

    6. (Optional) In the Certificate DN field, enter the user's certificate DN. The certificate DN must match the subject line of the certificate issued to the user for authentication. Do not exceed 255 characters.

  6. Complete the Password section:

    1. In the Password field, enter a password for the user. Password requirements are determined by the password policy assigned to the user's security domain. This is the user's identity source password, which may be different from alternative passwords provided by applications. For more information, see Password Policy.

    2. In the Confirm Password field, reenter the password.

    3. To force the user to change the password during the next logon, select Force Password Change.

  7. Complete the Account Information section:

    1. From the Account Starts drop-down lists, select the date and time when the user account becomes active. The time zone is determined by local system time.

    2. (Optional) Use Account Expires options to modify account expiration settings. To set an expiration date for this user, select Expires on, and select the date and time when the user account will expire. (The time zone is determined by local system time.) To remove account expiration, select Does not expire.

    3. To disable the new account, select Account is disabled.

  8. In the Attributes section, in the Mobile Number field, enter a mobile phone number for the user.

  9. Click Save & Next.