Versions Compared

Old Version 11

changes.mady.by.user Former user

Saved on

compared with

New Version 12

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
titlePurpose

The purpose of this module is to demonstrate configuration of two workflows:

  • Workflow for inviting users into the system
  • Self-registration workflow for registering organizations and users



Panel
titleRequirements
  • SSO and CustomerID installed



Overview


Ubisecure Identity Server supports different kinds of user registrations. Multiple types of registrations can also be used at the same time.
Registration workflows are configured in the eidm2.properties configuration file.
The registration workflow phases:
  1. Identity verification with a strong authentication method (e.g. national or bank authentication)
  2. Customer relationship verification by a CRM system query
  3. Verification of basic user information (e.g. phone number)
  4. Approval of service terms
  5. Activating a strong authentication method, such as SMS or one time password (OTP) printout
  6. Confirmation of e-mail address
  7. Automated or administrative approval by an administrator or assigned process owner

1) Role Invitation Workflow

Define the registration workflow the role invite functionality is using custom/eidm2.properties

Code Block
titleeidm2.properties
roleinvite.registration = roleinvite
ui.role.invite.userinfo.fields = firstname, surname, mobile
roleinvite.receiver.approval = false

registration.2 = roleinvite
registration.2.enabled = true
registration.2.inviteonly = true
registration.2.tupas.disabled = true
registration.2.email.confirmation = false
registration.2.approval = false
registration.2.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.2.mobile.confirmation = true
registration.2.userinfo.fields = firstname, surname, mobile, password, acceptTerms
registration.2.organizations = { "path" : "Users" }

Restart WildlfyWildlfly.

In Lab 1.5 the administrator created a new user and added all attributes and roles. Now we demonstrate the role invitation, which is the preferred way to create new user accounts.

Log in as Jeremy Mills

Image Added

Select organization "City Group" and then "roles"

Image Added


Tick in "Representative" type of role, and in "Action" select "Invite users to role." That will show you the role invitation workflow:

Image Added

Write some real personal email and cluck Next

Image Added


You will be ask to confirm:

Image Added


Then you see this:

Image Added















A confirmation is shown:


A list of all the invited users can be found under the Approvals tab of each organization:

The approval can be inspected further and canceled if required:



Note: Remove the invitation as the IAM Academy environment doesn’t have an email gateway configured.

Role Invitation Workflow Configuration

You must edit the custom/eidm2.properties configuration file:

Code Block
titlecustom/eidm2.properties
registration.2 = roleinvite
registration.2.logo.key = org-registration
registration.2.enabled = true
registration.2.inviteonly = true
registration.2.tupas.disabled = true
registration.2.email.confirmation = true
registration.2.approval = false
registration.2.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.2.mobile.confirmation = true
registration.2.userinfo.fields = mobile, password, acceptTerms
registration.2.organizations = { "path" : "Users" }



2) Self Registration Workflow

 

User and Organization registration workflow to be configured
  • Finnish Company BusinessID input (2184053-5)
  • User details input (no email or mobile phone number verification)
  • Manual approval by an administrative user
  • First user will receive Contact Person role from the company-organization


Code Block
titlecustom/messages_en.properties
admin.approval.workflow.smeorganization = SME Organization
user.tupasname = Name from bank
registerWizard.inputuser.summary = Please input your details. Mandatory fields are marked with an asterisk.


For additional registrations, use a VAT registration number generated from this web page (see last column): https://demo.ubisecure.com/utils/hetu/hetu.html


Create a User with the following details:

First name:*:
Karl
Last name:*: Kearnes
Mobile phone number:(enter a real but unique telephone number)
Email address:*: karl@example.com
Username:*: karl
Password:* Qwerty1234
Password confirmation:*Qwerty1234
The terms of use:*


The user can initiate the registration from the URL https://login.smartplan.com:7443/eidm2/wf/register/smeorganization

https://login.smartplan.com:7443/eidm2/wf/register/(NAME OF WORKFLOW IN registration.N)


Code Block
titleeidm2.properties 
registration.3 = smeorganization
registration.3.logo.key = org-registration
registration.3.enabled = true
registration.3.newuseronly = true
registration.3.inviteonly = false
registration.3.tupas.disabled = true
registration.3.email.disabled = true
registration.3.approval = true
registration.3.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.3.mobile.confirmation = false
registration.3.userinfo.fields = {acceptTerms}, {companyid}, {firstname, surname, mobile, email, password} 
registration.3.userinfo.optional = mobile
registration.3.organizations = [ { "path" : "${companyid}", "organizationclass" : "company", "virtual" : "false" } ]
registration.3.roles = [ "${companyid}/user" ]
registration.3.roles.firstuser = [ "${companyid}/mainuser" ]
registration.3.summary.fields = companyid, firstname, surname, mobile, email


This configuration will create the following steps:



Manual approval by administrative user

An approval will be waiting for the admin user:


A request can be modified before approval.


Approve the request to enable the account.

The new organization will be created:


With one user: