RapidIdentity Administrators' and Users' Guide


Delegations are groups that are set up to include various users in one section. They can be created to include various groups that share the same attributes or customized to include a set of groups with different attributes, as assigned by an administrator to suit the organization's needs.


The following default delegations, as well as any other delegations created by an administrator, are displayed in the left menu. These can be modified by the organization to align with business or technical needs, including removing them altogether if necessary.

Each delegation allows the users to be viewed in a list or grid and any information available on that user is accessible by clicking the Details button. The user's information displays as configured by the administrator. This can include the user's email address, department name, phone number, and the user's photo.

Users with permissions can perform the following actions for users in a selected delegation:




This icon allows the password to be changed to a new password that must follow the organization's password policy.

Additionally, a box can be checked to have the user change their password at their next login.


Reset Challenge Responses is a self-service feature built into the RapidIdentity Portal Profiles Module allowing users to update their responses to challenge questions required to reset their passwords. Depending on how the RapidIdentity Portal Administrator has defined this action, it may be necessary to answer a minimum number of the possible questions shown.

It is also possible for administrators to allow users to define their own challenge questions and answers; if this option is available, click the green plus sign and then enter a unique question and answer; to discard this action, click the Minus icon (not shown).


For MY type delegations that a user sets for themselves, the user sets up challenge questions based on their currently assigned Challenge Policy Requirements.

For CUSTOM type delegations that a user sets up for someone else, the action simply invalidates any previous challenge questions for the target user. Depending on the target user's Challenge Policy, they may be required to set up challenge questions at next login.


This will enable all selected profiles by ensuring the user has access to their RapidIdentity account.


This will disable all selected profiles. This prevents the accessibility to the user's RapidIdentity account.


This will unlock all selected profiles in the event a user gets locked out (e.g. too many attempted logins).


Allows the list of users to be exported. Selecting this option will download all selected profiles as a CSV file.


This will print the list of users. Selecting this option will take the user to the print screen that allows various options to be configured for the print job being performed.


This generates a QR Code for selected users. There are two types of QR Codes in which the user with permissions can generate:

  • Secure: Generates a QR Code that is based on the user's username and password. Secure QR Codes eliminate the need for a user to enter their username and password.

  • Insecure: Generates a QR Code that is based on the user's username only. Insecure QR Codes eliminate the need for a user to enter their username.


This will reset the TOTP secret for all of the selected profiles. The user will be required to enter and confirm their new password to gain access.


This will reset the Pictograph choices for all of the selected profiles. The user will be presented with the initial selection screen on their next login to register up to three Pictographs, depending on the configuration based on the Pictograph authentication policy of the organization.


This allows the FIDO key to be disabled in the event of being lost, damaged, or stolen.


This allows a new FIDO key to be reassigned to a user who no longer has theirs in their possession or it is no longer in service.


If a Mobile Device has already been enrolled, use this option to delete it from the user's account.


Click this option to enroll a Mobile Device for the user to be used for authentication methods such as PingMe.


This allows users to update the configuration for the mobile devices associated with their account.

If more action options are available to the user with permissions, they can be accessed by clicking the three dots at the end of the displayed actions.

Another action that can be taken by a user with permissions is to edit a user's profile by clicking on details at the end of the user's row and then clicking Edit Profile to make necessary changes. Once finalized, click Save. Changes saved are automatically updated in the organization's directory service.



The attributes that are listed are dependent upon the administrator allowing that attribute to be editable.