
Purpose

The purpose of this module is to demonstrate the configuration of two registration workflows:

  • A workflow for inviting users into the system
  • A self-registration workflow for registering organisations and users



Requirements

  • SSO and CustomerID installed


Overview


Ubisecure Identity Server supports different kinds of user registration, and several registration types can be in use at the same time.
Registration workflows are configured in the eidm2.properties configuration file.
A registration workflow is built from the following phases (a given workflow enables only the phases it needs):
  1. Identity verification with a strong authentication method (e.g. national or bank authentication)
  2. Customer relationship verification by a CRM system query
  3. Verification of basic user information (e.g. phone number)
  4. Approval of service terms
  5. Activating a strong authentication method, such as SMS or one time password (OTP) printout
  6. Confirmation of e-mail address
  7. Automated or administrative approval by an administrator or assigned process owner


Instructions

In this lab we will configure two workflows:

  1. Role invitation workflow
  2. User self-registration workflow


Part 1: Role Invitation Workflow

Define the registration workflow that the role invite functionality uses in custom/eidm2.properties:

Code Block
titleeidm2.properties
# Registration workflow (the value of a registration.N key, see below) that role invitations use
roleinvite.registration = roleinvite
# Fields the inviter fills in on behalf of the invitee
ui.role.invite.userinfo.fields = firstname, surname, mobile
# The invitee's account needs no approval once the registration wizard completes
roleinvite.receiver.approval = false
After an invitation has been sent, a confirmation is shown.

A list of all invited users can be found under the Approvals tab of each organisation. An invitation can be inspected further there and cancelled if required.

Note: if the IAM Academy environment you are using has no email gateway configured, the invitation email is never delivered; cancel the invitation in that case.

Role Invitation Workflow Configuration

Edit the custom/eidm2.properties configuration file:

Code Block
titlecustom/eidm2.properties
registration.2 = roleinvite
registration.2.logo.key = roleinvite
registration.2.enabled = true
# Invite-only: the wizard is entered through the invitation link, not from the public register URL
registration.2.inviteonly = true
# No bank (TUPAS) authentication step
registration.2.tupas.disabled = true
# The invitation itself arrives by email, so no separate email confirmation step
registration.2.email.confirmation = false
# No administrator approval: the account is usable as soon as the wizard completes
registration.2.approval = false
registration.2.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
# The invitee must confirm the mobile number with a code sent by SMS
registration.2.mobile.confirmation = true
registration.2.userinfo.fields = firstname, surname, mobile, password, acceptTerms
registration.2.summary.fields = firstname, surname, mobile, email
# The new account is created under the "Users" organisation
registration.2.organizations = { "path" : "Users" }

Restart WildFly.

In Lab 1.6 the administrator created a new user and added all attributes and roles. Now we demonstrate the role invitation, which is the preferred way to create new user accounts.

Log in as Jeremy Mills.

Select the organisation "City Group" and then "Roles".

Tick the "Representative" role and, under "Action", select "Invite users to role".

The role invitation wizard opens. Enter the invitee's email address (use a real mailbox you have access to, because the invitation is delivered by email) and click "Next".

Enter the first name, last name and your own mobile phone number; the confirmation code in a later step is sent to this number.

Write a message to the invitee and click "Confirm".

The wizard shows a confirmation page and the invitation is now pending.

Log out from My SmartPlan and open your mailbox. You will receive an email invitation containing a registration link.

Click the link. The registration wizard defined by registration.2 opens.

First click "Confirm Mobile" and enter the code sent to your phone.

Fill in your password and accept the terms of use. Click "Next" to reach the summary step, then click "Confirm".

The wizard acknowledges the registration.

At this point your user account has been created. No approval is needed (registration.2.approval = false), so you can log in to the SmartPlan application or to your self-service page right away.

Take note of the email address and password, as you will use this new user account in later exercises.


Part 2: User Self-Registration Workflow


The user and organisation registration workflow to be configured:
  • Finnish company Business ID input (e.g. 2184053-5 is City Group's Business ID)
  • User details input (no email or mobile phone number verification)
  • Manual approval by an administrative user
  • The first user will receive the Contact Person role in the company organisation

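The Business ID entered in the first wizard step ends up in the configuration below as "${companyid}", both as an organisation path and as the prefix of the role paths, so the value should be a well-formed Finnish Business ID (Y-tunnus) and nothing else before it is accepted. Whether the product validates this field itself is not stated on this page. The following is an added example, not code from the lab or from CustomerID: it implements the published Y-tunnus format and mod-11 check-digit rule (weights 7, 9, 10, 5, 8, 4, 2 over the seven leading digits) and uses it to gate the value; the two IDs it checks are the ones used in this lab, and the function names are this example's own.

```python
"""Finnish Business ID (Y-tunnus) validation for the companyid registration field.

Added example, not part of the lab or of the CustomerID product. Format NNNNNNN-C,
where C is a mod-11 check digit over the seven leading digits with the weights
7, 9, 10, 5, 8, 4, 2. A remainder of 0 gives check digit 0, a remainder of 1 has
no valid check digit, anything else gives 11 - remainder.
"""
import re

WEIGHTS = (7, 9, 10, 5, 8, 4, 2)
BUSINESS_ID = re.compile(r"^(\d{7})-(\d)$")


def business_id_check_digit(body: str):
    """Check digit for a seven-digit body, or None if no valid digit exists."""
    if not re.fullmatch(r"\d{7}", body):
        return None
    remainder = sum(int(d) * w for d, w in zip(body, WEIGHTS)) % 11
    if remainder == 0:
        return 0
    if remainder == 1:          # such bodies are never issued
        return None
    return 11 - remainder


def is_valid_business_id(value: str) -> bool:
    """True only for a correctly formatted ID whose check digit matches."""
    m = BUSINESS_ID.match(value.strip())
    return bool(m) and business_id_check_digit(m.group(1)) == int(m.group(2))


def companyid_for_path(value: str) -> str:
    """Validate a user-supplied companyid before it is substituted into a path.

    Anything that is not a Business ID (for example '../Users' or a free-text
    company name) is rejected, so it can never become "${companyid}" in an
    organisation or role path.
    """
    value = value.strip()
    if not is_valid_business_id(value):
        raise ValueError(f"not a valid Finnish Business ID: {value!r}")
    return value


if __name__ == "__main__":
    # Constructed inputs: the two IDs used in this lab plus some rejected values.
    for candidate in ("2184053-5", "9404545-2", "2184053-6", "../Users", "CityGroup"):
        print(candidate, "->", is_valid_business_id(candidate))
```

Use companyid_for_path() at the point where the registration request is accepted (or in whatever hook your deployment offers); the organisation path is then guaranteed to be a single, checksum-valid token rather than arbitrary text.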

Do the following changes in the configuration files:

Code Block
titlecustom/messages_en.properties
admin.approval.workflow.smeorganization = SME Organization
user.tupasname = Name from bank
registerWizard.inputuser.summary = Please input your details. Mandatory fields are marked with an asterisk.

For additional registrations, use a VAT registration number generated from this web page (see last column): https://demo.ubisecure.com/utils/hetu/hetu.html


A registration workflow is started from the URL https://login.smartplan.com:7443/eidm2/wf/register/(NAME OF WORKFLOW IN registration.N), where the last path segment is the value of the registration.N key. For the workflow configured below that value is smeorganization.


Code Block
titleeidm2.properties
registration.3 = smeorganization
registration.3.logo.key = org-registration
registration.3.enabled = true
# Only new users may register through this workflow
registration.3.newuseronly = true
# Not invite-only: reachable from the public register URL
registration.3.inviteonly = false
# No bank (TUPAS) authentication
registration.3.tupas.disabled = true
# No email confirmation step
registration.3.email.disabled = true
# The account stays pending until an administrator approves the request
registration.3.approval = true
registration.3.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
# No mobile confirmation step
registration.3.mobile.confirmation = false
# Each {...} group is one wizard page: terms, then Company ID, then user details
registration.3.userinfo.fields = {acceptTerms}, {companyid}, {firstname, surname, mobile, email, password}
registration.3.userinfo.optional = mobile
# A new company organisation is created with the entered Company ID as its path
registration.3.organizations = [ { "path" : "${companyid}", "organizationtype" : "company", "virtual" : "false" } ]
# Every registered user gets the user role; the first user of the organisation also gets mainuser
registration.3.roles = [ "${companyid}/user" ]
registration.3.roles.firstuser = [ "${companyid}/mainuser" ]
registration.3.summary.fields = companyid, firstname, surname, mobile, email
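The two workflow definitions in Part 1 and Part 2 are only a handful of keys, but the keys interact: a workflow that is enabled, not invite-only, has every verification step switched off and needs no approval is an open door, and an organisation path built from "${companyid}" only works if companyid is actually collected in userinfo.fields. The following is an added example, not code from the lab or from Ubisecure: it reads the registration.N.* keys with a minimal .properties parser, lists the workflows reachable through the register URL pattern given above, and reports the combinations a reviewer would question. The key names and the meaning given to them are taken from this page; the rule set, the simplified parser and the constructed sample (the lab's two workflows plus a deliberately weak "openreg" workflow, registration.4, added only to produce a finding) are this example's assumptions.

```python
"""Review the registration.N workflows in an eidm2.properties file.

Added example, not part of this lab or of CustomerID. Key semantics follow the
lab text; the checks themselves and the .properties reader are assumptions.
"""
import json
import re
from collections import defaultdict

# Constructed sample: the two lab workflows plus a deliberately weak "openreg".
SAMPLE_PROPERTIES = """
roleinvite.registration = roleinvite
registration.2 = roleinvite
registration.2.enabled = true
registration.2.inviteonly = true
registration.2.tupas.disabled = true
registration.2.email.confirmation = false
registration.2.approval = false
registration.2.mobile.confirmation = true
registration.2.userinfo.fields = firstname, surname, mobile, password, acceptTerms
registration.2.organizations = { "path" : "Users" }
registration.3 = smeorganization
registration.3.enabled = true
registration.3.inviteonly = false
registration.3.tupas.disabled = true
registration.3.email.disabled = true
registration.3.approval = true
registration.3.mobile.confirmation = false
registration.3.userinfo.fields = {acceptTerms}, {companyid}, {firstname, surname, mobile, email, password}
registration.3.organizations = [ { "path" : "${companyid}", "organizationtype" : "company", "virtual" : "false" } ]
registration.3.roles = [ "${companyid}/user" ]
registration.4 = openreg
registration.4.enabled = true
registration.4.inviteonly = false
registration.4.tupas.disabled = true
registration.4.email.disabled = true
registration.4.approval = false
registration.4.mobile.confirmation = false
registration.4.userinfo.fields = firstname, surname, email, password
registration.4.organizations = { "path" : "Users" }
"""

REGISTER_PATH = "/eidm2/wf/register/"   # URL pattern given in Part 2


def parse_properties(text):
    """Minimal Java .properties reader: 'key = value', '#' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def workflows(props):
    """Group registration.N and registration.N.<subkey> into {name: {subkey: value}}."""
    by_index = defaultdict(dict)
    for key, value in props.items():
        m = re.fullmatch(r"registration\.(\d+)(?:\.(.+))?", key)
        if m:
            by_index[int(m.group(1))][m.group(2) or "name"] = value
    return {wf["name"]: wf for wf in by_index.values() if "name" in wf}


def flag(wf, key, default="false"):
    return wf.get(key, default).lower() == "true"


def fields(wf):
    """userinfo.fields groups wizard pages in {...}; return the flat set of field names."""
    raw = re.sub(r"[{}]", "", wf.get("userinfo.fields", ""))
    return {f.strip() for f in raw.split(",") if f.strip()}


def reachable_urls(props, base):
    """Enabled workflows that are not invite-only, with the URL they are started from."""
    return {name: base + REGISTER_PATH + name
            for name, wf in workflows(props).items()
            if flag(wf, "enabled") and not flag(wf, "inviteonly")}


def review(props):
    """Return (workflow, message) findings; an empty list means nothing to question."""
    findings, wfs = [], workflows(props)
    invite_wf = props.get("roleinvite.registration")
    if invite_wf and not flag(wfs.get(invite_wf, {}), "inviteonly"):
        findings.append(("roleinvite", f"roleinvite.registration={invite_wf} is not an inviteonly workflow"))
    for name, wf in wfs.items():
        if not flag(wf, "enabled"):
            continue
        # Someone must vouch for the person: bank auth, SMS or e-mail confirmation, or an admin.
        verified = (not flag(wf, "tupas.disabled") or flag(wf, "mobile.confirmation")
                    or (flag(wf, "email.confirmation") and not flag(wf, "email.disabled")))
        if not flag(wf, "inviteonly") and not verified and not flag(wf, "approval"):
            findings.append((name, "open self-registration without verification or approval"))
        for key in ("organizations", "roles", "roles.firstuser"):
            if key in wf:
                try:
                    json.loads(wf[key])
                except ValueError:
                    findings.append((name, f"{key} is not valid JSON"))
                missing = set(re.findall(r"\$\{(\w+)\}", wf[key])) - fields(wf)
                if missing:
                    findings.append((name, f"{key} uses {sorted(missing)} not collected in userinfo.fields"))
    return findings


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    for name, url in reachable_urls(props, "https://login.smartplan.com:7443").items():
        print(f"reachable: {name} -> {url}")
    for name, msg in review(props):
        print(f"FINDING [{name}]: {msg}")
```

Run it against the real custom/eidm2.properties after every change and before the WildFly restart; the reachable list is also the list of URLs worth probing with a browser to confirm that invite-only workflows really are not served from the register path.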


Restart WildFly.


Create a user with the following details (mandatory fields are marked with *):

First name*: Karl
Last name*: Kearnes
Mobile phone number: enter a real but unique telephone number (optional)
Email address*: karl@kokomedia.local
Company ID*: 9404545-2
Password*: Qwerty1234
Password confirmation*: Qwerty1234
The terms of use*: accept


The user can initiate the registration from the URL https://login.smartplan.com:7443/eidm2/wf/register/smeorganization


This configuration produces the following wizard steps.

Accept the terms of use and click "Next".

Enter the Company ID.

Fill in the user details.

Confirm the user details.

The wizard acknowledges the registration. The account is not yet usable: it stays pending until an administrator approves it.

Manual approval by administrative user

Now log in as Scott Long in the administrative interface. An approval will be waiting for the admin user.

Click the "Approvals" tab.

A request can be modified before it is approved.

Now approve the request to enable the account.

The new organisation is created. In the new organisation you will see one user; click "Open" to see more information about the user.