| Panel | ||
|---|---|---|
| ||
The purpose of this module is to demonstrate configuration of two workflows:
|
| Panel | ||
|---|---|---|
| ||
|
Overview
- Identity verification with a strong authentication method (e.g. national or bank authentication)
- Customer relationship verification by a CRM system query
- Verification of basic user information (e.g. phone number)
- Approval of service terms
- Activating a strong authentication method, such as SMS or one time password (OTP) printout
- Confirmation of e-mail address
- Automated or administrative approval by an administrator or assigned process owner
1) Role Invitation Workflow
| Code Block | ||
|---|---|---|
| ||
roleinvite.registration = roleinvite
ui.role.invite.userinfo.fields = firstname, surname, mobile
roleinvite.receiver.approval = false
registration.2 = roleinvite
registration.2.enabled = true
registration.2.inviteonly = true
registration.2.tupas.disabled = true
registration.2.email.confirmation = false
registration.2.approval = false
registration.2.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.2.mobile.confirmation = true
registration.2.userinfo.fields = firstname, surname, mobile, password, acceptTerms
registration.2.summary.fields = firstname, surname, email
registration.2.organizations = { "path" : "Users" }
|
Restart Wildlfly.
In Lab 1.5 the administrator created a new user and added all attributes and roles. Now we demonstrate the role invitation, which is the preferred way to create new user accounts.
Log in as Jeremy Mills
Select organization "City Group" and then "roles"
Tick in "Representative" type of role, and in "Action" select "Invite users to role." That will show you the role invitation workflow:
Write some real personal email and cluck Next
You will be ask to confirm:
Then you see this:
A confirmation is shown:
A list of all the invited users can be found under the Approvals tab of each organization:
The approval can be inspected further and canceled if required:
Note: Remove the invitation as the IAM Academy environment doesn’t have an email gateway configured.
Role Invitation Workflow Configuration
You must edit the custom/eidm2.properties configuration file:
| title | custom/eidm2.properties |
|---|
Now logout from CustomerID and open your mailbox. You will receive an email invitation.
Click on the link and you will see this:
First, click "Confirm Mobile" and inout the code you get in your phone
Fill in your password and accept the user terms. Click "Next" and you will see the confirmation step:
That's how it shows next:
At this point your user account has been created. No approval is needed, you can log in to SmartPlan application or your self-service page.
2) Self Registration Workflow
- Finnish Company BusinessID input (2184053-5)
- User details input (no email or mobile phone number verification)
- Manual approval by an administrative user
- First user will receive Contact Person role from the company-organization
Do the following changes in the configuration files:
| Code Block | ||
|---|---|---|
| ||
admin.approval.workflow.smeorganization = SME Organization user.tupasname = Name from bank registerWizard.inputuser.summary = Please input your details. Mandatory fields are marked with an asterisk. |
For additional registrations, use a VAT registration number generated from this web page (see last column): https://demo.ubisecure.com/utils/hetu/hetu.html
Create a User with the following details:
The user can initiate the registration from the URL https://login.smartplan.com:7443/eidm2/wf/register/smeorganization
https://login.smartplan.com:7443/eidm2/wf/register/(NAME OF WORKFLOW IN registration.N)
| Code Block | ||
|---|---|---|
| ||
registration.3 = smeorganization
registration.3.logo.key = org-registration
registration.3.enabled = true
registration.3.newuseronly = true
registration.3.inviteonly = false
registration.3.tupas.disabled = true
registration.3.email.disabled = true
registration.3.approval = true
registration.3.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.3.mobile.confirmation = false
registration.3.userinfo.fields = {acceptTerms}, {companyid}, {firstname, surname, mobile, email, password}
registration.3.userinfo.optional = mobile
registration.3.organizations = [ { "path" : "${companyid}", "organizationclass" : "company", "virtual" : "false" } ]
registration.3.roles = [ "${companyid}/user" ]
registration.3.roles.firstuser = [ "${companyid}/mainuser" ]
registration.3.summary.fields = companyid, firstname, surname, mobile, email
|
Restart Wildfly
For additional registrations, use a VAT registration number generated from this web page (see last column): https://demo.ubisecure.com/utils/hetu/hetu.html
Create a User with the following details:
First name:*: | Karl |
| Last name:*: | Kearnes |
| Mobile phone number: | (enter a real but unique telephone number) |
| Email address:*: | karl@example.com |
| Username:*: | karl |
| Password:* | Qwerty1234 |
| Password confirmation:* | Qwerty1234 |
| The terms of use:* |
The user can initiate the registration from the URL https://login.smartplan.com:7443/eidm2/wf/register/smeorganization
https://login.smartplan.com:7443/eidm2/wf/register/(NAME OF WORKFLOW IN registration.N)
This configuration will create the following steps:
next
then
step 4 confirmation
confirmation
Manual approval by administrative user
Log in as Scott Long in the adminstartive interface
An approval will be waiting for the admin user:
A request can be modified before approval.
Approve the request to enable the account.
The new organization will be created:
With one user:
Information about the user:
