Overview
- Identity verification with a strong authentication method (e.g. national or bank authentication)
- Customer relationship verification by a CRM system query
- Verification of basic user information (e.g. phone number)
- Approval of service terms
- Activating a strong authentication method, such as SMS or a one-time password (OTP) printout
- Confirmation of e-mail address
- Automated or administrative approval by an administrator or assigned process owner
1) Role Invitation Workflow
roleinvite.registration = roleinvite
ui.role.invite.userinfo.fields = firstname, surname, mobile
roleinvite.receiver.approval = false
A confirmation is shown:
A list of all the invited users can be found under the Approvals tab of each organization:
The approval can be inspected further and canceled if required:
Note: Remove the invitation, because the IAM Academy environment doesn’t have an email gateway configured.
Role Invitation Workflow Configuration
You must edit the custom/eidm2.properties configuration file:
registration.2 = roleinvite
registration.2.logo.key = org-registration
registration.2.enabled = true
registration.2.inviteonly = true
registration.2.tupas.disabled = true
registration.2.email.confirmation = true
registration.2.approval = false
registration.2.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.2.mobile.confirmation = true
registration.2.userinfo.fields = mobile, password, acceptTerms
registration.2.organizations = { "path" : "Users" }
2) Self Registration Workflow
- Finnish Company BusinessID input (2184053-5)
- User details input (no email or mobile phone number verification)
- Manual approval by an administrative user
- The first user will receive the Contact Person role from the company organization

admin.approval.workflow.smeorganization = SME Organization
user.tupasname = Name from bank
registerWizard.inputuser.summary = Please input your details. Mandatory fields are marked with an asterisk.
For additional registrations, use a VAT registration number generated from this web page (see last column): https://demo.ubisecure.com/utils/hetu/hetu.html
Create a User with the following details:
| First name:* | Karl |
| Last name:* | Kearnes |
| Mobile phone number: | (enter a real but unique telephone number) |
| Email address:* | karl@example.com |
| Username:* | karl |
| Password:* | Qwerty1234 |
| Password confirmation:* | Qwerty1234 |
| The terms of use:* | |
The user can initiate the registration from the URL https://login.smartplan.com:7443/eidm2/wf/register/smeorganization
The general form of the URL is:
https://login.smartplan.com:7443/eidm2/wf/register/(NAME OF WORKFLOW IN registration.N)
registration.3 = smeorganization
registration.3.logo.key = org-registration
registration.3.enabled = true
registration.3.newuseronly = true
registration.3.inviteonly = false
registration.3.tupas.disabled = true
registration.3.email.disabled = true
registration.3.approval = true
registration.3.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.3.mobile.confirmation = false
registration.3.userinfo.fields = {acceptTerms}, {companyid}, {firstname, surname, mobile, email, password}
registration.3.userinfo.optional = mobile
registration.3.organizations = [ { "path" : "${companyid}", "organizationclass" : "company", "virtual" : "false" } ]
registration.3.roles = [ "${companyid}/user" ]
registration.3.roles.firstuser = [ "${companyid}/mainuser" ]
registration.3.summary.fields = companyid, firstname, surname, mobile, email
This configuration will create the following steps:
Manual approval by administrative user
An approval will be waiting for the admin user:
A request can be modified before approval.
Approve the request to enable the account.
The new organization will be created:
With one user:
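
An added example, not part of the original page or of Ubisecure's own tooling: a small audit of custom/eidm2.properties that reports, for each enabled registration.N workflow, whether anything other than administrator approval gates account creation. The key names are the ones shown on this page; how the script interprets them (a missing key counts as off, tupas.disabled = false means a strong authentication step is active) is an assumption, and the sample input is constructed from the two workflows above.

```python
import re
# Constructed sample: the security-relevant keys of the two workflows on this page.
SAMPLE = """\
registration.2 = roleinvite
registration.2.enabled = true
registration.2.inviteonly = true
registration.2.tupas.disabled = true
registration.2.email.confirmation = true
registration.2.approval = false
registration.2.mobile.confirmation = true
registration.3 = smeorganization
registration.3.enabled = true
registration.3.inviteonly = false
registration.3.tupas.disabled = true
registration.3.email.disabled = true
registration.3.approval = true
registration.3.mobile.confirmation = false
"""

LINE = re.compile(r"^registration\.(\d+)(?:\.([\w.]+))?\s*=\s*(.*)$")

def parse_workflows(text):
    """Group registration.N.* keys into {N: {"name": ..., key: value}}."""
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            n, key, value = m.groups()
            flows.setdefault(int(n), {})[key or "name"] = value.strip()
    return flows

def audit(text):
    """Return {workflow name: finding} for every enabled workflow."""
    report = {}
    for _, flow in sorted(parse_workflows(text).items()):
        on = lambda k, f=flow: f.get(k, "false").lower() == "true"  # assumption: missing key = off
        if not on("enabled"):
            continue
        strong_auth = "tupas.disabled" in flow and not on("tupas.disabled")  # assumed meaning
        email = on("email.confirmation") and not on("email.disabled")
        verified = strong_auth or email or on("mobile.confirmation")
        if on("inviteonly") or verified:
            finding = "ok"
        elif on("approval"):
            finding = "approval-only"  # a human approver is the only gate
        else:
            finding = "open"           # self-registration with no check at all
        report[flow.get("name", "?")] = finding
    return report
```

For the configuration on this page, `audit(SAMPLE)` marks smeorganization as approval-only, which matches the workflow description: no email or mobile verification, manual approval by an administrative user.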