Skip to main content

Accounts

In plain English

An account is one person (or service) nexusID knows about. New hires appear, changes update, and leavers are disabled here — the heart of the joiner/mover/leaver lifecycle.

📺 Watch the Joiner·Mover·Leaver Tour → · Provisioning Tour →

Console View​

Accounts Console

Accounts are the central identity entities within Identity Broker. An account represents a unique user and aggregates all their linked identities, profile data, and access rights.

Account Structure​

  • Canonical Subject: A unique, persistent identifier (e.g., usr_12345) that does not change, even if the user's email or upstream identity provider changes.
  • Profile: Standard attributes like Name, Email, Phone, and Avatar.
  • Linked Identities: References to external accounts (e.g., Google sub, AD objectGuid) that are linked to this account.
  • Status: Active, Suspended, or Locked.

Managing Accounts​

Administrators can:

  • Search: Find users by email, name, or ID.
  • View Details: See full profile, linked identities, and group memberships.
  • Edit Profile: Update user attributes manually.
  • Lock/Unlock: Prevent user access temporarily.
  • Reset MFA: Clear registered MFA factors if a user loses their device.