User Enrollment – Administrator Training
A complete step-by-step course on user enrollment, invitations, authentication methods, troubleshooting, and best practices for the Secret Double Octopus Management Console.
Course Overview
This course provides administrators and support engineers with a full understanding of user enrollment workflows, identity management, authentication credential setup, device provisioning, and troubleshooting within the Secret Double Octopus Management Console.
- Understand all directory types and user status states.
- Perform end-to-end user enrollment using multiple authentication methods.
- Manage credentials, devices, workstations, and invitations.
- Use best practices for large organizations and MSP environments.
- Troubleshoot real-world scenarios using audit logs and device details.
Module 1 — Understanding User Directories
- Default, internal directory (cannot be deleted)
- Users added manually or via CSV
- Limited authentication methods (Octopus Authenticator, FIDO)
- Can attach to SAML, RADIUS, REST API
- Cannot attach to LDAP/AD authentication flows
- Corporate directories sync users automatically
- Support all authentication and password operations
- Provide rich identity attributes and group membership
User Status Types
| Status | Meaning | Can Authenticate? |
|---|---|---|
| Active | User enrolled and authorized | Yes |
| Pending | Invitation sent, awaiting enrollment | No |
| Inactive | Not enrolled, no invitations | No |
| Blocked | Explicitly prevented from authentication | No |
Module 2 — The User Enrollment Workflow
Enrollment Workflow
This flow describes the full lifecycle of user enrollment, from user creation to an active status.
Create / Import User
The admin creates a new user manually or imports the user list (sync, CSV, or directory integration).
System Publishes User
The system processes the new user and publishes them, making the account available for enrollment.
Send Invitation
An enrollment invitation is sent automatically or manually, including a secure link to start enrollment.
User Receives Email
The user receives an enrollment email with instructions and a one-time or time-limited enrollment link.
User Enrolls Device / Key
The user follows the wizard to enroll their authentication method (mobile app, device, key, or agent).
User Status: Active
After a successful enrollment, the user is marked as Active and can authenticate to all configured services.
Enrollment Lifecycle
Step 1 — Create or Import Local User
- Add Local User (manual)
- Import from CSV (bulk)
- Import from Directory (AD/AzureAD)
Step 2 — Publish Changes
Users must be published for invitations to send. This is the #1 cause of enrollment issues.
Step 3 — Send Enrollment Invitation
Available invitation types:
- Octopus Authenticator (mobile passwordless)
- FIDO2 key
- Voicecall PIN
- Software OTP
Step 4 — User Enrolls
The user completes enrollment via mobile app, browser registration, or PIN/OTP setup.
Step 5 — User Becomes Active
User can authenticate to all assigned services.
Module 3 — Managing Credentials, Devices & Invitations
Security Tab (Passwords, PINs, Bypass, OTP)
- Reset passwords (Local & Integrated)
- Generate voicecall PIN codes
- Manage OTP enrollment
- Configure Bypass (password or token)
- Override workstation limits
Authenticators Tab
- Mobile devices (Octopus Authenticator)
- FIDO2 keys
- Enable/Disable/Delete authenticators
- View detailed device information
Invitations Tab
- Copy invitation code/link
- Resend / resend to another email
- Display QR code
- Download invitation file
- Delete expired or incorrect invitations
Module 4 — Troubleshooting Enrollment Issues
- User not published
- Email incorrect or in spam
- Invitation expired
- Wrong invitation type
- Device deleted or incompatible
- Network restrictions (mobile/Wi-Fi)
Systematic Troubleshooting
- Identify the issue
- Check user status
- Review audit logs
- Validate invitation status
- Test device or browser
- Publish changes
- Verify resolution
Module 5 — Hands-On Labs
Lab 1 — Create & Enroll a New User
- Create Local user or import from directory
- Publish changes
- Send Octopus invitation
- Simulate enrollment: scan QR or enter code
- Verify status becomes Active
Lab 2 — Troubleshoot a Service Access Issue
Scenario: User cannot access Office 365.
- Check Services tab for assignment
- Verify directory association in service
- Confirm user is Active
- Check audit logs
- Apply fix and verify
Lab 3 — Configure Bypass Authentication
- Navigate to Security tab
- Configure temporary password bypass (4 hours)
- End bypass early
- Configure token bypass (one-time use)
✔ End of User Enrollment Course
For additional guides, visit the Secret Double Octopus Support Portal.