A Beginners Guide to OpenIDM Part 5 – User Registration

Last time we configured mappings to create user objects in OpenIDM from a CSV file. This is commonly something you might do when populating a new identity system for the first time with your existing users, but what about getting new users into the system?

 

This blog we will take a look at configuring OpenIDM’s user self registration functionality and how we can perform some post processing on new users.Note: As many of you will be aware OpenIDM 4.5 has recently been released, for now I am going to continue using OpenIDM 4 for this blog but everything we talk about here is still applicable to 4.5, albeit with minor differences. I will likely move to OpenIDM 4.5 (or 5 even) when the beginners series is concluded.

User Registration

To turn on User Registration in OpenIDM, first log in as an administrator. Then navigate to Configure, then User Registration.

 

 You will see the User Registration configuration screen:

 

 

Now before we turn it on, log out and take a look at the OpenIDM user login screen: http://localhost.localdomain.com:8080/#login/

 

 

Just try to remember what it looks like right now, as it will change in a moment.

 

By default, User Registration is disabled. Lets enable it now. Click the “Enable User Registration” slider.

 

You can see that we have a number of Registration Steps. These can be turned on and off as you require, they can also be re-ordered by dragging and dropping.

 

Lets briefly talk about what each of these steps involves:
  • reCAPTCHA for Registration: Google’s “I am not a robot” dialog. To prevent automated bots registering.
  • Email Validation: User is sent an email, they must click a link in the email to progress registration. Verifying that they do indeed have access to the email account.
  • User Details: Simply allows you to modify the attribute on the user object associated with email address. By default this is mail but you might want to change it based on your managed user schema if you have made changes.
  • KBA Stage: Whether or not to enforce the use of Knowledge Based Authentication i.e. challenge questions and answers.
  • Registration Form: Here you can change the Identity Service URL to another managed object.
Note that you cannot configure everything in the UI, but we will shortly take a close look at how you can do that for Email Validation and KBA Stage if required.

 

So lets make sure that we have turned everything on in the as in the image above, except for reCAPTCHA. There is no save button. Toggling the sliders is sufficient here.

 

Now log out again, and take another look at the user login screen:

 

 

You should see we now have a link to Register. You can take a look but this won’t really work yet as we need to configure the steps, mainly Email Validation. So lets do that now.

 

Configuring Email Validation

We need to configure Email Validation and for this we are going to need an email server. If you have an email server, great. If not I suggest downloading something like https://mailtrap.io

 

Navigate to Configure, then System Preferences.

 

Select the Email tab.

 

 

Toggle the Enable Email slider, then Use SMTP Authentication.

 

 

Enter the host, port and credentials for your email server.

 

 

Then press Save.

Testing Registration

Logout of OpenIDM, navigate to the user login page: http://localhost.localdomain.com:8080/#login/ and select the Register link again.

 

Enter a test email address and press SEND.

 

All being well you should receive an email:

 

 

If you click the link, you will continue the registration process in OpenIDM.

 

Press Save, then you can complete your KBA questions:

 

 

When that is done, press Save for the final time and you should see that…

 

 

Registration is complete, if you Return to Login Page you should be able to log in with your new user ( by default this is the username we set on the 2nd page, not the email address ).

 

 

Customising Registration

As with everything ForgeRock every step of the Registration process can be customised, and you can use our REST API’s if you want to build a completely customised experience.

 

However there are two customisations which are frequently performed, let’s take a quick look at them now.

Customising the Registration Email

This can be easily achieved through the UI, if you return to Configure, then User Registration and edit the Email Validation step.

 

 

If you prefer you can also edit this directly via <openidm>/conf/selfservice-registration.json

 

Customising KBA Challenge Questions

If you want to edit KBA questions you need to do this directly by editing <openidm>/conf/selfservice.kba.json

This blog post was first published @ http://identity-implementation.blogspot.no/, included here with permission from the author.

©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?