This guide provides technical instructions for the lifecycle management of organizational identities, including provisioning, role assignment, and offboarding.
Prerequisites
- Assigned Admin or Owner role within a tenant.
- Available "seats" within the active subscription tier.
Strategic Overview
Identity Governance is the foundation of a secure enterprise document environment. In IUSign, users are not independent actors; they are members of a cohesive organizational unit governed by a centralized security policy. Administrators are responsible for the entire identity lifecycle: from the initial provisioning and invitation to the granular assignment of roles that determine data visibility and operational authority. Effective user management ensures that the right people have the right access to organizational assets, mitigating the risk of data exfiltration and ensuring compliance.
Implementation Sequence
1. Identity Provisioning (Invitation)
Navigate to Admin Dashboard → Users.
- Select Invite User.
- Specify the recipient's corporate email and legal name.
- Role Designation: Select the initial role (e.g., User, Admin, or Viewer).
- Team Assignment (Enterprise): Assign the user to a specific department or functional team to inherit document sharing permissions.
2. Operational Role Modification
Administrators can modify a user's authority at any time to reflect organizational changes:
| Role Category | Functional Authority | Use Case |
|---|---|---|
| Owner | Absolute governance; billing and deletion authority. | Primary Stakeholder. |
| Admin | Global visibility; user management and settings control. | Operations / IT. |
| User | Transactional authority; creates and manages their own envelopes. | Standard Employee. |
| Viewer | Read-only access to organizational document lists. | Audit / Legal. |
3. Identity Offboarding and Deactivation
To preserve organizational data integrity when a member leaves the organization:
- Suspension: Immediately revokes the user's ability to log in while preserving their historical documents and audit trail.
- Transfer of Ownership (Enterprise): Before deactivation, administrators can bulk-transfer the user's active envelopes to another team member to ensure workflow continuity.
- Seat Reclamation: Deactivating a user frees up a license seat for new provisioning.
Security Governance: Administrative Enforcement
- MFA Mandate: Administrators can view the MFA status of all users and should mandate its activation for all privileged accounts.
- Activity Monitoring: View the "Last Login" and "Activity Volume" for each user to identify inactive accounts or anomalous behavior.
- Identity Locking: Once a user is part of an organization, certain profile parameters (like corporate email) may be locked and only modifiable by an administrator to prevent account takeover.
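The MFA and activity checks above can be run as a periodic review over a copy of the user list. The following is an added example, not IUSign code: it assumes the Users view has been transcribed into a CSV with hypothetical columns (`email`, `role`, `status`, `mfa_enabled`, `last_login`), and the 90-day idle threshold is likewise an assumption.

```python
import csv
import io
from datetime import date

# Roles that the page's role table gives governance or user-management authority.
PRIVILEGED_ROLES = {"Owner", "Admin"}

# Constructed sample roster; the column names are hypothetical, not an IUSign format.
SAMPLE_ROSTER = """email,role,status,mfa_enabled,last_login
owner@example.com,Owner,active,true,2024-05-28
it.admin@example.com,Admin,active,false,2024-05-30
alice@example.com,User,active,true,2024-01-10
bob@example.com,User,active,false,
legal@example.com,Viewer,active,false,2024-05-01
former@example.com,Admin,suspended,false,2023-11-02
"""


def audit_roster(roster_csv, today_iso, max_idle_days=90):
    """Return {email: [findings]} for active accounts that need review."""
    today = date.fromisoformat(today_iso)
    findings = {}
    for row in csv.DictReader(io.StringIO(roster_csv)):
        if row["status"].strip().lower() != "active":
            continue  # suspended accounts can no longer log in
        issues = []
        role = row["role"].strip().title()
        if role in PRIVILEGED_ROLES and row["mfa_enabled"].strip().lower() != "true":
            issues.append("privileged account without MFA")
        last_login = row["last_login"].strip()
        if not last_login:
            # Assumption: an empty last_login means the account was never used.
            issues.append("never logged in; candidate for deactivation")
        else:
            idle = (today - date.fromisoformat(last_login)).days
            if idle > max_idle_days:
                issues.append(f"inactive for {idle} days; candidate for deactivation")
        if issues:
            findings[row["email"].strip().lower()] = issues
    return findings


if __name__ == "__main__":
    for email, issues in audit_roster(SAMPLE_ROSTER, "2024-06-01").items():
        print(f"{email}: {'; '.join(issues)}")
```

Accounts flagged for deactivation should go through the offboarding steps in section 3 (transfer of ownership, then suspension) rather than being removed outright.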
Diagnostic and Resolution Protocols
| System Exception | Probable Cause | Resolution Protocol |
|---|---|---|
| Invitation not received | SMTP block or email syntax error | Verify email syntax and consult the Deliverability Guide. |
| "User Limit Reached" | Tier capacity | You must upgrade your plan or deactivate inactive users to free up seats. |
| Cannot delete user | Identity persistence | For audit integrity, users are typically "Deactivated" rather than "Deleted" to preserve their signature history. |