Your Nametag VerifiedHire instance is now set up and customized. You can start directing new hires to self-service account provisioning. All that’s left to do is to add VerifiedHire into your existing employee onboarding flows.

Create your VerifiedHire onboarding URL.

In the Nametag administrator console, navigate to Configure → Self-service, then copy the URL located underneath “Configure self-service recovery”. Then, add the parameter /?flow=enroll to the end of the URL. 

If you have already set up self-service account recovery, your base URL will be the same. For example, if your microsite URL is recover.acme.com, your onboarding URL will be recover.acme.com/?flow=enroll.  Appending the ?flow=enroll parameter to your microsite URL directs a person down the experience path specified by the request template named “Self-service account provisioning”.

Optionally, you can use the ?email= parameter to pre-fill the email address field on the microsite, and the ?dir= parameter to restrict the directories that are eligible for provisioning for a given user.

You can also link multiple parameters together: for example, creating the URL recover.acme.com/?flow=enroll&email=john@acme.com. 

For more information on URL parameters, refer to our documentation.

Add your VerifiedHire onboarding URL into your workflows.

To start using VerifiedHire to onboard new employees, simply insert this URL (e.g. recover.acme.com/?flow=enroll) into your existing workflows. For example, if you currently send a pre-authenticated Okta enrollment link to a new hire's personal email address, replace that URL with your VerifiedHire onboarding URL. 

Nametag uses this approach of appending a parameter onto your microsite URL in order to make it as easy as possible to fit VerifiedHire into your existing onboarding workflows and tech stacks. This also makes the transition between onboarding and account recovery more intuitive. 

For example, imagine an employee who sets their initial password and enrolls in multi-factor authentication through a VerifiedHire page located at recover.acme.com/?flow=enroll. Six months later, they need to reset their MFA; now they simply navigate to recover.acme.com (with no URL appendix) and follow your Nametag-powered self-service account recovery flow.

Example employee onboarding flow with VerifiedHire.

Here’s an example of how onboarding an employee through Nametag VerifiedHire can look in practice:

1. Generate IT ticket. Human Resources creates a ticket for IT with a new employee’s start date.

2. Create an account. IT creates accounts for the new employee in the relevant identity directories (e.g. Okta, Cisco Duo, Microsoft Entra), including their legal name and birthdate.

3. Send to self-service. On the new hire’s start date, instead of sending a temporary password to their personal email, IT instead sends a link to your VerifiedHire onboarding microsite.

4. Verify their identity. The employee follows the prompts to scan their photo ID and take a selfie. Nametag’s Deepfake Defense engine quickly verifies that they really are who they claim to be.

5. Bind to their account. After verifying that they’re not an imposter, Nametag ensures that the new employee is the right person by matching the info on their ID to the legal name and birthdate in the corresponding directory account.

6. Set initial credentials. Verified hires can proceed to set passwords and enroll in MFA. Meanwhile, Nametag detects, surfaces, and prevents imposters from gaining access to your networks and systems.

Of course, every company has their own approach to onboarding new employees. Contact us to discuss how Nametag can deliver secure self-service onboarding at your organization, or sign up for a free trial of Nametag to see it in action yourself.