Onboarding non-Desk Users
This concept serves as a guideline on how to approach the technical onboarding of non-Desk users within your organization.
Definition: Who Are non-Desk Workers?
Non-Desk workers are employees who do not work in a traditional office environment and therefore lack a standard digital workplace setup. Typical roles include:
- Manufacturing and production staff
- Shop-floor personnel
- Field technicians and construction teams
- Retail or branch employees
- Customer-facing staff without assigned workstations
Key Characteristics
Non-Desk workers typically do not have corporate:
- Digital identity: No account in the corporate directory (e.g., Active Directory / Entra ID)
- Mailbox: No company email address
- Device: No computer or corporate mobile device
Additional constraint: mobile phone use during working hours is often limited or regulated for safety, compliance, or security reasons.
The Challenge
When rolling out a modern intranet solution, organisations aim to reach all employees.
However, non-Desk workers present unique technical constraints due to:
- Missing identities
- Missing communication channels
- Limited device access
- Restricted user lifecycle management processes
Therefore, IT must define a secure, scalable identity approach that enables access while remaining compliant with internal policies.
ahead Intranet: System Overview
ahead is a multi-tenant intranet platform, run as a web service on Microsoft Azure, that simplifies internal communication, makes company-wide information findable, engages employees, and integrates content from third-party systems. The service meets a wide range of international compliance standards.
As shown above, ahead runs its own identity provider (IdP) server. Authentication can therefore either be delegated to Entra ID or handled by aheadID within the system. The following chapter elaborates on these two scenarios.
Technical Options for Enabling Non-Desk Workers in ahead
Scenario 1: Microsoft Entra ID Free Account
A user is created in Microsoft Entra ID (formerly Azure AD) without a paid licence.
Such an identity can authenticate normally, is fully compatible with Entra ID-based SSO, and can access any system that relies on Entra ID for authentication, including ahead, as long as no premium features are required.
A key clarification: Although the User Principal Name (UPN) looks like an email address, no Exchange Online mailbox or M365 service is created unless a corresponding licence is assigned.
Advantages
- Accounts can be reused for other systems, e.g. Entra ID as Identity Provider for HR solutions such as SAP SuccessFactors.
- Possible integration with existing HR workflows for automated provisioning.
- Offers strategic alignment across the enterprise identity landscape.
Limitations / Considerations
- Password Reset:
  - No Self-Service Password Reset (SSPR) included.
  - Password changes must be processed via the internal service desk.
- Conditional Access Policies (CAP):
  - Entra ID Free accounts cannot be targeted by CAP or dynamic groups.
- MFA Considerations:
  - Rolling out MFA apps to non-Desk roles is often impractical.
  - MFA introduction should be treated as a separate IT project due to the operational impact.
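The following PowerShell script is an added example, not part of this concept or of ahead's tooling. It provisions Scenario 1 accounts in bulk from a constructed HR export with the Microsoft Graph PowerShell SDK, creating unlicensed Entra ID users with a random one-time password; the tenant domain, the HR export and the employee ids are assumptions.

```powershell
# Added example (not ahead's own tooling): bulk-create unlicensed Entra ID
# accounts for non-Desk workers from a constructed HR export. Assumes the
# Microsoft.Graph PowerShell SDK is installed and the caller holds the
# User.ReadWrite.All permission; the tenant domain below is a placeholder.
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes "User.ReadWrite.All"

$tenantDomain = "example.onmicrosoft.com"   # placeholder tenant

# Constructed sample HR export; in practice read it with Import-Csv.
$hrExport = @"
EmployeeId,GivenName,Surname,Site
100234,Anna,Meier,Plant Zurich
100235,Luca,Rossi,Plant Zurich
"@ | ConvertFrom-Csv

$handover = @()
foreach ($row in $hrExport) {
    # Non-personal UPN keyed on the HR employee id: survives name changes and
    # looks like an email address without creating any mailbox.
    $nickname = "w$($row.EmployeeId)"
    $upn = "$nickname@$tenantDomain"

    # Idempotent: rerunning the export must not create duplicates.
    if (Get-MgUser -Filter "userPrincipalName eq '$upn'") {
        Write-Host "Skipping $upn (already exists)"
        continue
    }

    # Random one-time password; the user must change it at first sign-in.
    $bytes = [byte[]]::new(24)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $initialPassword = [Convert]::ToBase64String($bytes)

    $user = New-MgUser -AccountEnabled:$true `
        -DisplayName "$($row.GivenName) $($row.Surname)" `
        -GivenName $row.GivenName -Surname $row.Surname `
        -MailNickname $nickname -UserPrincipalName $upn `
        -EmployeeId $row.EmployeeId -OfficeLocation $row.Site `
        -PasswordProfile @{ Password = $initialPassword; ForceChangePasswordNextSignIn = $true }

    # Guard the "free account" property: any licence would silently create a mailbox.
    if (Get-MgUserLicenseDetail -UserId $user.Id) {
        Write-Warning "$upn has a licence assigned; review before go-live"
    }
    $handover += [pscustomobject]@{ Upn = $upn; InitialPassword = $initialPassword }
}
# $handover goes to the service desk out of band (no SSPR for free accounts);
# never write it to a log file.
```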
Scenario 2: aheadID User (Local User Accounts in ahead)
Users can be created directly in ahead, with user management handled by intranet administrators or people with the necessary permission set in ahead.
Requirements
- A valid email address for each user (used for self-service password reset).
Advantages
- Full control for intranet administrators.
- No dependency on the corporate identity system.
- Straightforward implementation for organisations without Entra ID strategy for non-Desk workers.
Limitations
- Additional identity silo (parallel identity management).
- Email address requirement may be a blocker if non-Desk workers lack personal or corporate addresses.
Scenario 3: Hybrid Model (Entra ID for Desk Workers, aheadID for Non-Desk Workers)
A flexible approach combining the strengths of both models:
- Desk Workers: Authenticated via Entra ID
- Non-Desk Workers: Managed through aheadID
Advantages
- Modern identity governance for office workers.
- Operational simplicity for non-Desk groups.
- Reduces onboarding complexity while maintaining alignment with IT strategy.
Considerations
- Requires clear communication and process alignment between HR, IT, and intranet administration.
- Mixed identity sources increase complexity for reporting and lifecycle management but remain manageable with proper governance.
Summary
The choice of how to onboard non-Desk employees depends largely on your existing infrastructure and on the resources and know-how available. The following table gives a quick overview:
| Option | Advantages | Limitations | Best For |
|---|---|---|---|
| Entra ID Free Account | Centralised identity, reusable, HR integration possible | No SSPR, no CAP, MFA challenges, requires IT resources | Large IT organisations with a strong identity strategy |
| aheadID | Simple, controlled by the intranet team | Requires email, identity silo | Organisations with minimal IT complexity |
| Hybrid | Balanced approach, flexible | Mixed governance | Organisations transitioning to a unified identity |
You can download the blueprint here: Blueprint (PDF)