/
Invitation to Create or Join

Invitation to Create or Join

Inviting users

When inviting users to join a project (see Add New Users | Using Invitations) the admin does not know if the user has an account. This is to protect the user's details. Previously, the admins were required to send a support ticket for adding existing users to their projects so that we could add them on behalf of the admin. This is no longer necessary with invitations.

The admin will see a list of users who have either not created an account or have yet to accept the invitation to join the project. This will show in the “Invited Users” tab (see screenshot further down). To resend an invitation, select the user and choose “Resend Invite” in the bottom menu. The Invited Users tab will not show if all users have been created and accepted the invitation.

Invitations are limited to 7 days. If they expire, the admin can resend the invitation with a new security token.
New users invites expire. Existing users invites do not.
See Invitation to Create or Join | Expired Invites

Project Invited Users

Invited Users: The admin has access to only the email, user group, and date/time of the invitation. In the project, invited users show in the Invited Users tab until they have joined the project.

image-20250606-190359.png

Organization Invited Users

Invited Users across multiple projects under the same Organization will show in the Invited Users tab within the Organization. Organization Administrators can select these users and resend the invites if they expire or upon request. Invited users can also be removed before an invited is accepted. If the invited user tries to accept or join a project after being removed, the invitation will no longer work. Only new users who do not have an account will see their invite expire. Project and Organization admins can also use “Copy Invite” to share in a personal email of via a chat similar to the Resend Invite option when selecting an Invited User from the list.

image-20250618-134000.png

Create Account

Invitation to Create Account

Those receiving an invitation from the admin will be asked to create an account.

image-20250521-190110.png
Create an account email example.

Step 1: Determine the authentication method.

There are two options. Using Microsoft or using email with a password.

The first option is for users with a Microsoft Entra ID. It may ask them to authenticate their Microsoft Entra ID. Once the authentication is confirmed, the user's account will be created, and they will use Microsoft Entra ID to log in to dRofus.

image-20250521-191043.png
Authentication methods

Note that the preferred language can be modified in the top right corner.

Step 2: Create Account

Using Microsoft Entra ID

image-20250521-191218.png
Define the Role and select Create Account.

When you select “Create Account”, you will be redirected to a Microsoft Entra ID login page. If your Microsoft Entra ID matches the invitation email and is a business account, you will proceed to grant permissions. If your organization requires admin approval, you may see a message stating that admin consent is needed. Contact your IT department if you cannot proceed.

IT Pre-Approval

dRofus Entra ID integration requests only low-impact permissions (openid and profile scopes). By default, these do not require the consent from organization’s Entra ID administrator.

First Request Approval
However, organizations can change this default, so administrator’s consent might be required even for low-impact permissions. In such case, either an administrator can pre-approve (consent in advance). Otherwise, the first user attempts to authenticate via dRofus Entra ID solution, will see an Approval required prompt. This will also notify the administrator. For more details, see Consent experience for applications in Microsoft Entra ID - Microsoft identity platform | Microsoft Learn

Pre Approval
It is also possible for administrators Pre-authorize, which will allow administrators to pre-consent the dRofus Entra ID solution. An administrator consent will result that user's won't be prompted for consent, even in scenarios where administrator consent is not required.

The easiest way to do so is visiting dedicated consent page. The URL-template for this is: https://login.microsoftonline.com/{organization_id}/adminconsent?client_id=7e31cb5e-4a4a-42a8-9662-4d35c9ce7488, where {organization_id} should be replaced with (destination) organization (tenant) id. Hint: this is a UUID. For more details, see Grant tenant-wide admin consent to an application - Microsoft Entra ID | Microsoft Learn

Additional Information

dRofus access via Microsoft Entra ID is only used to confirm the users is who they say they are.

dRofus supports 2FA - see how it works:

dRofus supports user directory synchronization and SSO setup for organizations using Azure AD:

Reference dRofus security and data protection documentation:

image-20250521-191302.png
Authenticate with Microsoft

The Microsoft Entra ID email must match the invitation email. The Microsoft email must be a business account.

Using Email with Password

image-20250521-191651.png
Set the password following the guidelines, confirm the password again, and then select Continue to Profile.
image-20250521-191756.png
Set Password
image-20250521-191945.png
A green color will show that a strong password has been created.
image-20250521-192147.png
When the passwords match, the Continue to Profile option will become available.
image-20250521-192226.png
If the admin only defined the email, the first and last names will not be populated.
To define the names, use this format in the admin system: John Wayne <jw@cowboy.com>
image-20250521-192423.png
When names and Role are set, the Create Account option will become available to create the account.

If the user is invited to several projects at once, they will be listed in the create account process.

image-20250521-194134.png
Invited to many projects

Creating the account will then navigate the newly created user to the Account App.

Accept Invitation

Invitation to Join a Project

When the admin invites a user with an account, the email and process are different since there is no need to create an account. Instead, the user is invited to join the project.

Accepting invitations allows the users to opt in to access the project and leave the project.

Those receiving an invitation from the admin will be asked to accept the invitation.

image-20250521-200339.png
Accept the invitation email example.

Step 1: Sign in to confirm you have an account

image-20250521-200548.png
Sign in to accept the invitation.
image-20250521-200638.png
Sign in with username/password or Microsoft.

Step 2: Accept or Reject Invitations

image-20250523-193557.png
The projects requesting to join will show at the bottom of the Account App - with Accept or Reject Options
image-20250523-193657.png
A notification will show that confirms joining the project and the Organization counter will increase.

Accepting to join a project will show the project in the list via the Organizations and Projects area in the Account App.

Expired Invites

Project, Organization and Server Admins can Resend invites for users who’s invitations expired. Unused invite security tokens will expire after 7 days. Selecting the user and then Resend invite will send a new email with a new invite token. Alternatively, use the Copy Invite option to paste it into a message to the user.

image-20250618-181509.png

 

https://support.drofus.com