You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Introduction

This wiki page aims to show how to manage Sefl registration for anonymous users.

Enable/disable Self Registration

Self registration can be enabled or disabled by setting the value of property createRequest.allowed to true or false.

This can be done either via REST or through administration console.

Self registration form

When enabled, anonymous users can access to Self registration form clicking on "Self registration" link that appear at the bottom of the Administration Console login form.

Manage self registration user requests

When an anonymous user submit the Self registration form, Syncope create an "UserRequest" and forward it to designated administrators.
Created request will appears in the Administration Console under "TODO > User request" tab.

User creation and activation

Under "TODO > User request" of Administration Console an admin can select a user request, check and modify user attributes, resources and roles as well. When the user request it's saved, Syncope create and start a new User Workflow instace that will manage the entire identity lifecycle.

According to Default Workflow user creation it's the first activity executed by workflow (it can vary if user workflow definition has been customized). As shown by figure of Default Workflow, user activation process depends on the sequence of executed activities; user activation can be achived without additional steps, through explicit user approval, with (opt-in) token validaton or both. Syncope uses revserved administrative roleIds assigned to the user to choose which steps to execute.

User activation with approval workflow

According to Default Workflow, user activation approval occurs if the user is assigned the roleId=9 ("roleForWorkflowApproval").

After user request it's saved a new worflow instance it's started creating a new user with a "createApproval" status.

Approval task activity appears under "TODO > Approval" tabs. Admin can claim the task and choose whether activate the user or not. If the user it's approved it's saved in the "active" status and provisioned otherwise it's saved in the "rejected" status.

User activation with (opt-in) token validation

According to Default Workflow, user activation by (opt-in) token validation occurs if the user is assigned the roleId=11 ("roleForWorkflowOptIn").

User activation with approval and (opt-in) token validation

According to Default Workflow, both user activation approval and (opt-in) token validation occurs if the user is assigned the roleId=9 and roleId=11.

  • No labels

Questions? Just send an e-mail to user@syncope.apache.org