Onboard Internal Users

In this walkthrough, Alex Carter signs in to the ThunderID Console as the operations admin. He invites two new staff members: Sam Rivera onto the support team and Maya Patel onto the destinations team. Each invitee receives an email, opens the link, fills in a few additional attributes, and gets onboarded.

Onboarding internal users happens entirely in the ThunderID Console, so this walkthrough applies regardless of which solution pattern the app uses.

Prerequisites

Complete Set Up Your Environment before starting this walkthrough.

Background

Onboard Internal Users covers the requirements story behind this use case.

Set Up Internal User Onboarding

1. Invitation emails are delivered through a SMTP server. Configure a SMTP provider and apply the configuration in repository/conf/deployment.yaml.

   Sample SMTP Configuration:

   email:
     smtp:
       host: "<smtp-host>"
       port: <smtp-port>
       username: "<smtp-username>"
       password: "<smtp-password>"
       from_address: "<from-address>"
       enable_start_tls: true
       enable_authentication: true

2. Activate the user onboarding flow by pointing the user_onboarding_flow_handle to the bundled flow in repository/conf/deployment.yaml:

   flow:
     user_onboarding_flow_handle: "wayfinder-onboarding-flow"

3. Restart ThunderID for the changes to take effect.

Try the Use Case

The Wayfinder onboarding flow prompts the admin to pick the staff role (Support or DestinationsAdmin), then collects the invitee's email and sends the invitation. When the invitee accepts, the matching role is attached automatically — no separate role-assignment step.

1. Sign in to the ThunderID Console as Alex Carter (alex.carter / alex.carter).
2. Navigate to Users and select Invite User.
3. Select Staff as the user type.
4. Pick Support as the role, enter Sam Rivera's email (sam.rivera@example.com), and send the invitation. ThunderID emails Sam an invite link.
5. Open the email in Sam's inbox and open the link. The browser opens a Complete Your Profile page.
6. Fill in the additional attributes (username sam.rivera, display name Sam Rivera, a password) and submit. Sam's account is now active with the Support role attached.
7. Repeat the flow for Maya Patel (email maya.patel@example.com, username maya.patel), picking DestinationsAdmin as the role.

Going Deeper

• Want to understand how the staff user type and roles fit together? See User Types and Roles in the Identity Concepts.
• Prefer to build the user onboarding side of the model manually? See Set Up Internal User Onboarding in Configure It Yourself.