BVA Access management of users to applications

Access requests must be processed as follows:
  1. Identify request
  2. Verify request
  3. Check whether the request is justified
  4. Assign role with least but appropriate permissions ("need-to-know" principle)
  5. Notify requester

As soon as a user has successfully completed the Access Request process for a specialist application whose access management you are responsible for, you receive the following e-mail in your IDM role as BVA.

Step 1: Open e-mail with the user request

The mailbox (defined per specialist application) contains the e-mail generated by eIAM with the user's application information. Copy the user ID (highlighted in yellow in the example) and click the link provided in the e-mail:


Note: You can also authorize users who have not yet requested access. In this case, start directly with step 2.

Step 2: Call up administration page

For an access request sent by e-mail, the user ID and the corresponding client should already be set. Press Search to open the user administration page.
Users without an explicit access request by e-mail can be searched for and authorized by entering the user ID or name (* can be used as a wildcard at the beginning and end).


Step 3: Select user ID

Click on the user ID.


Step 4: Select user profile

The user administration page now displayed consists of three blocks:
- Data on the applicant's identity with contact information
- Information on the user's authentication data
- Information on the user profile, which contains the user's roles.

Then click on the user profile at the bottom of the page.


Step 5: Authorization cockpit

You will now be taken to the Authorization cockpit for the roles GKA and BVA.
This view consists of three parts:
1. IDM Roles - serves the GKDs and GKAs for IDM role management
2. Business Roles - used for business role management
3. Roles - used by the BVAs to manage specialist application roles


Step 6: Entering the user authorization

In the IDM role as BVA:
If the user access request was made by e-mail (step 1), the ALLOW role already exists for the corresponding specialist application.

To enter a user authorization manually, click on Add roles... and select the (additional) roles to be assigned to the user (roles already assigned are no longer shown in the selection). After selecting the roles, confirm the role assignment for the user by clicking on Add roles again.


Step 7: Inform the user

Then inform the new user that the authorizations have been granted and that access to the specialist application is to be checked.

Revoking specialist application roles, archiving a user and generating reports

Revoking specialist application roles

If specialist application roles and therefore access rights need to be withdrawn from a user, delete the corresponding specialist application roles using the yellow cross. Confirm the removal of specialist application roles by clicking on the delete button. This function is available for the BVA and AppOwner roles.


The specialist application role is now removed from the user.

Archiving a user (only possible with IDM role "AppOwner")

Search for the user and click on Archive. Confirm archiving in the second step. The function is available to the GKA, ClientAdmin and AppOwner roles. The user can no longer be activated, but the email address is released for another account.


Generate reports (only possible with IDM role "BVA")

Various reports are available to you.
To recertify the roles, select "Users per application" and click on "Generate report".
Open the Excel table. You will see all users with roles in their office. You can filter the data to display only the users of an individual application. In the Last login column, you can see when the user last used the application.
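
The filtering described above can also be scripted once the report has been saved as CSV. The following is an added example, not part of eIAM or of the original page: it lists the roles of one application whose user has never logged in or has been idle for a long time, as candidates for recertification. Only the "Last login" column is named on this page; the other column names, the date format, the 180-day threshold and all sample values are assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample standing in for a CSV export of the "Users per application"
# report. Column names other than "Last login", the date format and all values
# are assumptions made for this example.
SAMPLE_REPORT = """User ID,Name,Application,Role,Last login
U1001,Example One,AppA,AppA.ALLOW,2024-05-02
U1002,Example Two,AppA,AppA.ALLOW,2023-01-15
U1003,Example Three,AppB,AppB.ALLOW,2024-04-20
U1004,Example Four,AppA,AppA.Admin,
"""


def recertification_candidates(report_csv, application, today, max_idle_days=180):
    """Return (user_id, role, reason) for the roles of one application to review.

    A role is flagged when the user has never logged in or the last login is
    older than max_idle_days (the threshold is an assumed local policy).
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["Application"].strip() != application:
            continue
        raw = (row.get("Last login") or "").strip()
        if not raw:
            flagged.append((row["User ID"], row["Role"], "never logged in"))
            continue
        try:
            last = datetime.strptime(raw, "%Y-%m-%d").date()
        except ValueError:
            # Unreadable dates are surfaced for manual review, not skipped.
            flagged.append((row["User ID"], row["Role"], f"unreadable date {raw!r}"))
            continue
        idle = (today - last).days
        if idle > max_idle_days:
            flagged.append((row["User ID"], row["Role"], f"idle {idle} days"))
    return flagged


if __name__ == "__main__":
    for user_id, role, reason in recertification_candidates(
            SAMPLE_REPORT, "AppA", today=date(2024, 6, 1)):
        print(f"{user_id}\t{role}\t{reason}")
```

Roles flagged this way are only candidates: whether a role is withdrawn is decided in the recertification itself, and withdrawal is done as described under "Revoking specialist application roles".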