Related Tips & Info

Self-Registration: Activating account via e-mailed link

MigrationDeletedUser
0 Likes

Self-Registration can be useful for external users. And a process that allows for validation of the e-mail address before activating the account is adding a layer of confidence versus who the requester is.

Here is a simple example that you can customize to meet your needs.

First let's look at the Self-Registration validation process.


Click to view.

Figure 1: Welcome Page for IdM 4(RBPM).


Click to view.

Figure 2: Self-Registration page.


Click to view.

Figure 3: Account is disabled upon Self-Registration account creation.


Click to view.

Figure 4: User receives e-mail via e-mail address typed in the self-registration form. The e-mail includes validation link.


Click to view.

Figure 5: User is directed to web form for activating the account. Additionally, the user must agree to the Terms & Conditions, otherwise account will not be activated.


Click to view.

Figure 6: Once user agrees to the Ts&Cs(checkbox is checked) account will be activated.


Click to view.

Figure 7: User can now login to IdM and other auto-provisioned apps(via IdM drivers).

What's required?

First, you need to configure Self-Registration in IdM. You can follow these instructions: TID: 3002868 - How to allow anonymous users to self register to the User Application Portal

N.B. You need to grant trustee write rights(All attributes rights) at the OU level to the Public user.

Then you need a Null or Loopback driver to:

  1. Disable the account upon self-reg creation;
  • Generate a unique key for the validation link, and store it in an attribute;
  • Send the e-mail to the user;
  • Check for when the user validates the account and enable it.

Click to view.

Figure 8: Null Driver rule that disables the user, generate a unique key, and send the e-mail.


Click to view.

Figure 9: Null driver rule that watches for account validation.


Click to view.

Figure 10: Null driver filter.


Click to view.

Figure 11: Null driver configuration, pointing to ECMA/Javascript function to generate MD5 hash.

The zip download includes and export of the ECMA MD5 hash function, the Null Driver policy, and the war archive that includes the jsp form for e-mail validation.

N.B. I am using the admin account to write the attribute in the vault using the jsp form, but for a real deployment, a special account with only access to the single attribute selected would be appropriate.

For the war, I just deployed it on JBoss which I also use to run IdM(RBPM). You can access the JBoss console using http://idm_server_address:port (admin/admin is default).


Click to view.

Figure 12: Deploying war on JBoss.

Labels:

How To-Best Practice
Comment List
Related
Recommended

Resources

Support
Documentation
Learning Services
CyberRes Academy
Partner Programs
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Conduct
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.