Connecting Users & Browsers

User onboarding in Tozetta Arx follows two clear routes: invite people manually one by one, or import them once and let the platform take care of the rollout automatically.

Onboarding Model

Choose the rollout style that fits your team

Smaller teams usually start manually. Larger organizations typically import users once, after which invitations are sent automatically and activation happens at scale.

Manual

Invite a few users directly and control exactly who starts first.

Automated

Import users once and let Tozetta Arx handle invites and activation automatically.

Path One

Manual Invites

Best for pilots, executives, contractors, or phased rollouts. You select individual users yourself and invite them directly from the platform.

Step 01
Add a user

Create or select an employee record from the Users page.

Step 02
Send invite

The user receives an onboarding email with the install and activation flow.

Step 03
Auto pair browser

After install, the browser pairs to your tenant automatically.

Path Two

Automated Import

Best for organizations that want scale with minimal admin effort. Import your users once and let Tozetta Arx automatically send invitations and handle the rest.

Entra ID

Sync employees directly from Microsoft Entra ID.

Spreadsheet

Import users in bulk from a spreadsheet file.

Workspace

Connect a workspace directory and onboard users automatically.

Automation Flow
1. Connect source

Choose Entra ID, spreadsheet, or workspace.

2. Import once

Bring users into Tozetta Arx in a single step.

3. Invite automatically

The platform sends onboarding emails automatically.

4. Activation completes

Users activate and their browsers pair without manual admin work.

Secure Pairing

What happens after a user accepts?

Once the invite is accepted, the browser installs, activates, and securely pairs with your tenant. From the admin perspective, that is the end of the onboarding flow.

Behind the scenes: the browser generates a local public/private key pair during pairing, so the device is bound securely to the tenant without relying on weak shared credentials.