Getting Started with YeshID

Last updated: June 29, 2026

This guide takes a new admin from sign-up to a fully working YeshID setup. The end state: YeshID knows who your people are, what they can access, and keeps that picture accurate automatically.

The work is organized into seven milestones. We recommend completing them in order as each builds on the last. Each milestone has a Why it matters, a What to do, and a checkpoint so you know when to move on.

How to use this playbook

When you first sign in, the Home page shows a Getting Started checklist that tracks the foundational steps for you and disappears once you're up and running. This playbook follows that same path and then goes further — covering the automation, access control, and audit capabilities that the in-app checklist doesn't.

Each milestone below has three parts:

  • Why it matters: what this step buys you, in plain terms.

  • What to do: the concrete steps, using the labels you'll see on screen.

  • You've reached this milestone when: a checkpoint so you know you're done before moving on.

Milestone 1: Sign up and connect your directory

Why it matters: Your directory — Google Workspace, Microsoft, or Okta — is the list of people in your organization. Connecting it is what lets everyone log in to YeshID and gives YeshID the roster it builds everything else on top of. This is the foundation.

What to do:

  1. Go to app.yeshid.com/login and select Create Account.

  2. Sign up with Google or Microsoft and follow the onboarding prompts. The account you sign up with becomes your first admin, and your directory starts syncing in the background.

  3. To confirm or add a directory later, go to Organization > Directories and select Add Directory. YeshID supports Google WorkspaceMicrosoft, and Okta (Okta is available on the Business plan).

  4. Open Organization > People and confirm your team appears.

You've reached this milestone when… your people show up under Organization > People and you (and they) can sign in. In the in-app checklist, this completes Add your users.

Milestone 2: Capture your source of truth

Why it matters: Before YeshID can help you manage access, it needs to know the access you have today — who's in which application right now. We call this your source of truth. Getting it in turns YeshID from an empty shell into an accurate map of your current reality, and it's the single highest-value thing to do early.

What to do: YeshID gives you three ways to import current access, depending on how cooperative each application is. Start with the first that works:

  1. Import via app connection: best when the app is in our catalog and connects easily. Go to Access > Applications, select Add Application, pick the app, assign a Technical Owner, and connect it. YeshID pulls in the existing accounts automatically.

  2. Import via CSV: best when the app lets you export a user list. Export the list (YeshID really only needs a column of email addresses), then on the application's page choose Manage > Import Users and upload the file.

  3. Import via screenshot: best when the app has no export but does show a list of users with emails. Take a screenshot, then use Manage > Import Users and drop the image in.

Whichever method you use, review the changes and confirm before they're applied.

You've reached this milestone when… at least one of your important applications shows its real accounts under its Accounts tab.

Milestone 3: Connect your core applications

Why it matters: Importing a snapshot (Milestone 2) tells YeshID what access exists; connecting an application lets YeshID actually do something about it, like create accounts, update them, and remove them as people join and leave. The more of your key apps are connected, the more YeshID can automate. Aim for at least your most important three to start.

What to do:

  1. Go to Access > Applications and select Add Application.

  2. Assign one or more Technical Owners (1–5). These are the people YeshID notifies about sync issues and who can manage the app later.

  3. Open the application, go to its Integration section (or Manage > Connect), and choose an integration type:

Integration type

When to use it

Prebuilt

The app is in YeshID's catalog, and we maintain the connector. The easiest path — choose this whenever it's offered.

SCIM

The app supports the SCIM 2.0 standard. Best for ongoing lifecycle management once configured. See SCIM with YeshID.

Build your own

A custom connector with flexible mappings, for apps that aren't in the catalog and don't offer SCIM.

  1. Authenticate, then review the available Actions and enable only the ones you want YeshID to perform.

You've reached this milestone when… three or more applications are connected and authorized.

Milestone 4: Automate onboarding and offboarding

Why it matters: This is where YeshID starts saving you real time. Instead of manually granting and revoking access for every new hire and departure, you define workflow templates once - a repeatable checklist of accounts to create, groups to add, and tasks to assign- and YeshID runs them on demand. Offboarding templates do the reverse, so access is removed reliably when someone leaves.

What to do:

  1. Go to Manage > Workflows and create an onboarding template and an offboarding template. Add the apps, groups, and tasks that a typical new hire (or departure) needs.

  2. To run an onboarding, go to Organization > People, choose the person, and select Onboard person. Use Schedule this person to be onboarded to set a Start date and time (and an optional End date reminder). Offboarding works the same way.

  3. (Paid plans, with an HRIS connected) To run onboarding automatically, set up an HRIS onboarding trigger so a new hire detected in your HR system kicks off - or stages - the right workflow. Staging keeps a human in the loop before anything runs. See Setting up an HRIS Onboarding Trigger.

You've reached this milestone when… you've created onboard and offboard templates and run at least one onboarding workflow.

Milestone 5: Define access with RBAC

Available on the Business plan. If you don't see RBAC under Access, talk to your YeshID contact about upgrading.

Why it matters: Up to now, you've been managing access app by app and person by person. Role-Based Access Control (RBAC) lets you describe the rule once — "the Engineering team gets GitHub as a Developer" — and YeshID keeps reality lined up with it. It answers the questions auditors love to ask: Who has access to this app, and why? What should this person have, based on their role?

What to do:

  1. Go to Access > RBAC and select New RBAC Policy. Give it a clear, intent-based name (e.g. "Engineering — Core Tools") and assign at least one Owner.

  2. On the Principals tab, add the people or groups the policy covers. Prefer groups — a policy built on groups maintains itself as people join and leave.

  3. On the Access tab, add the applications. For each, optionally pick a Role and set a Provisioning type:

    • Lazyauthorizes access without creating accounts. Good when you're defining who's eligible for an app.

    • Eagerauthorizes and provisions — YeshID makes sure everyone the policy covers actually has the account. Good for the core tools everyone on a team needs on day one.

  4. Set the policy Active and review the change summary. If YeshID detects access drift, let it generate the remediation workflows to bring access in line.

You've reached this milestone when… you have at least one active policy and YeshID is reporting access drift against it (under Security > Access Drift). Read Role-Based Access Control (RBAC) for the full model, including how RBAC plugs into onboarding via the Apply RBAC policy task.

Milestone 6: Let people request access, and turn on notifications

Why it matters: Not all access can be predicted ahead of time. Access Requests let your people ask for an app when they need it and route the request to the right approver — so access stays controlled without you becoming a bottleneck. Pairing this with Slack notifications means requests and approvals happen where your team already works.

What to do:

  1. Connect Slack and enable YeshID notifications so requests, approvals, and workflow updates reach your team. See Enabling YeshID Notifications in Slack.

  2. Your people can now request access two ways:

    • In YeshID: from the My Apps page, select Request an application, choose the app and role, add a reason, and Submit request.

    • In Slack: type /request, pick the app and role, and send.

  3. As an admin or Technical Owner, review incoming requests under Access > Access Requests and approve or deny them. Approvers and requesters are kept in the loop over Slack.

  4. Fine-tune what YeshID sends and to whom under Manage > Settings > Notifications. See Notifications with YeshID.

You've reached this milestone when… a test access request flows end to end — submitted, routed to an approver, and granted — and you see the notifications land in Slack. Full details are in Access Requests in YeshID.

Milestone 7: Prove it with an access audit

Why it matters: Everything you've set up converges here. An Audit Campaign captures a snapshot of who has access to what, asks the right people to certify it, removes what shouldn't be there, and produces signed, downloadable evidence. It's how you turn "we manage access carefully" into something you can show an auditor — SOC 2, ISO, or an internal review.

What to do:

  1. Go to Access > Audit Campaigns and create a campaign. Assign an Owner, the Certifiers who'll review access, and the Remediators who'll carry out removals.

  2. Work through the four phases:

    • Snapshot: sync or upload current access for each in-scope app, then capture the baseline.

    • Certification: certifiers mark each finding ApproveDeny (reason required), or Undecided.

    • Remediation and Verification: launch remediation workflows for denied access, then verify the changes took effect.

    • Close: finalize once every finding is decided and remediation is verified. The campaign becomes read-only.

  3. Export a PDF Report (Full or Executive) and pull artifacts from the Evidence Vault when you need to hand evidence to an auditor.

You've reached this milestone when… you've closed your first campaign and can download its report. See the Audit Campaign User Guide for roles, phases, and every action in detail.

Where to go next

Once the milestones are in place, YeshID becomes a living system rather than a one-time setup. A few good habits:

  • Keep groups current. RBAC, onboarding, and access reviews all lean on group membership. When groups are accurate, the rest stays accurate on its own.

  • Lean on automation. Move from manually onboarding people to HRIS-triggered workflows, and from one-off grants to RBAC policies, as you get comfortable.

  • Treat drift as a signal. Recurring access drift usually means a policy is missing or a group is stale — fix the cause, not just the symptom.

  • Audit on a cadence. Running campaigns regularly (not just before an audit deadline) keeps surprises small.

FAQ

Do I have to complete the milestones in order?

The first three build on each other — you need people in (Milestone 1) before you can map their access (Milestone 2), and connected apps (Milestone 3) before automation does much. After that, Milestones 4–7 can be tackled in whatever order matches your priorities.

What's the difference between importing an app and connecting it?

Importing (Milestone 2) captures a snapshot of existing access so YeshID can see it. Connecting (Milestone 3) establishes a live integration so YeshID can act — create, update, and remove accounts going forward.

Why don't I see RBAC or Audit Campaigns in my navigation?

These are paid features. Audit Campaigns are on paid plans (Growth and Business), and RBAC is on the Business plan. If they're missing, talk to your YeshID contact about upgrading.

The Getting Started checklist disappeared from my Home page. Did I lose it?

The in-app checklist hides itself once you're established. This playbook covers the same ground and more, so you can keep using it as your reference.

Where can I manage notifications and integrations after setup?

Notifications live under Manage > Settings > Notifications, directories under Organization > Directories, and application integrations under Access > Applications.