Anonymous account activation

Category: Modules
Subcategory: Authentication

Overview

Delegate activating external user accounts to the place where it belongs, i.e. the end user themselves with this module. Suited for a B2B or B2C scenario where a transition exists from anonymous prospects to registered users.

Documentation

Description

This module enables external users to activate their accounts without the need for an administrator to interfere. It does so with help of a access token/code combination which upon successful validation allows the user to set their password and safely login into the application.

Typical usage scenario

Typical usage is aimed at B2B or B2C apps and apps with external users in general where user accounts are created as part of a background process or within a broader workflow. Examples are:

  • A webshop where a user is converted from anonymous to a named user during order processing.
  • Registrations for an event where event specific information is only accessible for signed in users.
  • A recruitment system where user specific information (i.e. an email address) comes from a 3rd party system.

Features and limitations

This module handles two parts of the activation process:

  • Token/code generation and storage
  • Request handling, validation and password processing
Token/code generation and storage

Token generation is done in the SUB_Activation_Create Microflow. Account name, token and code are generated, stored and available for communication towards the end user.

The SUB_Activation_CreateURL Microflow returns the URL to use for the user.

Request handling

The Java action ActivationRequest publishes a custom request handler that validates an incoming token and presents the user with a page to validate the activation code. The next step upon code validation is to set a password according to the current security standards.

Limitation:

This module DOES NOT provide functionality to communicate token/code information to the end user. The SUB_Activation_CreateURL Microflow generates an URL but users of this module have to use their own communication mechanism.

Dependencies

  • Mx 9.12.1 or higher
  • Community Commons
  • Browser needs to support cookies

Installation

Download the module into your project. In subfolder _USE_ME\1. Configuration you'll find the ASu_ActivationHandler Microflow. Add this to your (existing) startup microflow to enable the request handler.

Configuration

  • Add the provided Login page to your project or use your own.
  • Add the SUB_Activation_Create Microflow to the appropriate place in your workflow, i.e. the place where an Administration.Account object for an external user is created/saved.
  • Add the SUB_Activation_CreateURL Microflow to the place where the URL needs to be created/available to communicate it to the user.

Typical ways of communicating the token URL + Code to the user:

  • Email with token URL and activation code
  • Email with token URL and an SMS with the activation code.
Testing your setup

The project contains a small published REST service to facilitate quick testing of your setup. The service is disabled by default, but it is easy to temporarily include it in the project. The service returns a token + code which can be used to access the request handler. See also the example in the screenshots.

 

Releases

Version: 1.0.0
Framework Version: 9.12.1
Release Notes: Initial release.