The Person Activation feature adds an additional verification step which must be performed before the end-user can actually start using their account. When enabled, every person's account will enter the INACTIVE state right after finishing sign-up. Every person whose account is in the INACTIVE state is unable to successfully finish the login flow.
This chapter will guide you through all the steps that are required to fully configure and use the Person Activation feature with the Onegini IDP.
What is required?
To successfully complete this topic guide, you need to ensure the following prerequisites:
- Onegini IDP instance must be running, for the sake of this guide we assume it's available under
- Onegini IDP extension instance must be running, for the sake of this guide we assume it's available under
- Onegini IDP ui-extension instance must be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me/uiaddress (required only for activation via externally delivered code)
- Onegini IDP must have the Username & password identity provider configured
Before continuing with the topic guide, please familiarize yourself with the assumptions below first.
To get a better understanding of the Person Activation feature, please consider the following diagram. It illustrates the flow for an account created via an API call, but it also applies to all the other use cases.
A person account can enter the INACTIVE state only when the Person Activation feature is enabled.
NOTE Please note that enabling the feature affects how the person API works: the person status will follow the flow of the diagram above for all API calls as well.
Person activation is supported in the following flows:
- Person Sign Up via sign up page served by the Onegini IDP web interface
- API endpoints
The Person Activation feature is disabled by default. The configuration option is available under the Feature management -> Person activation section.
Currently the following flavours of person account activation are supported:
Activation via email
It allows an account to be activated by visiting a link delivered to the end-user via email. To enable it, select the Activate via email option and define the link's TTL (time to live) / expiration time.
Activation via externally delivered code
It allows an account to be activated by entering a code sent to the user's address. To enable it, please select the Activate via externally delivered code checkbox and provide the following:
- allow to resend code after period: time after which the user is allowed to resend the code; the resend operation is triggered from the web interface
- unavailability time: initial time during which the activation code is not allowed to be used
- activation code expiration: time after which the code is marked as invalid / expired
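The three timing settings above can be read as windows on the lifetime of one activation code. The following is an added example, not Onegini IDP code: it assumes all three periods are measured from the moment the code is issued, and the class, field and function names as well as the sample values are hypothetical.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class ActivationPolicy:
    # Hypothetical field names for the three settings in the list above.
    resend_after: timedelta      # "allow to resend code after period"
    unavailability: timedelta    # "unavailability time"
    expiration: timedelta        # "activation code expiration"

@dataclass(frozen=True)
class IssuedCode:
    value: str
    issued_at: datetime

def check_code(policy, code, submitted, now):
    """Classify a submission as too_early, expired, mismatch or activated."""
    age = now - code.issued_at
    # Time windows are checked first, so a guess made outside the usable
    # window is rejected without revealing whether the value was right.
    if age < policy.unavailability:
        return "too_early"
    if age >= policy.expiration:
        return "expired"
    # Constant-time comparison of the stored and submitted values.
    if not hmac.compare_digest(code.value.encode(), submitted.encode()):
        return "mismatch"
    return "activated"

def may_resend(policy, code, now):
    """True once the resend period has elapsed since the code was issued."""
    return now - code.issued_at >= policy.resend_after

# Constructed sample values, not defaults of the product.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
POLICY = ActivationPolicy(timedelta(minutes=2), timedelta(minutes=1),
                          timedelta(minutes=30))
CODE = IssuedCode("482913", T0)

if __name__ == "__main__":
    for offset in (timedelta(seconds=30), timedelta(minutes=5),
                   timedelta(minutes=31)):
        print(offset, check_code(POLICY, CODE, "482913", T0 + offset),
              may_resend(POLICY, CODE, T0 + offset))
```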
Additionally, it requires the UI Extension service to be configured under the UI-Extension login configuration section. Please fill in the UI Extension address in the base url field, for the sake of this instruction we assume it's available under
Besides the configuration done in the Onegini IDP, it is also required to implement additional changes in the actual customer-specific Extension and UI Extension applications.
Extension: it is responsible for processing the generated code and providing it to the user. To be able to do it, the extension needs to have
UI-extension: provides the view shown to the user where the code is provided under
Activation via API
The Onegini IDP gives additional flexibility to activate the user via an API call, thanks to which it can be easily integrated with external services. The Onegini IDP exposes two endpoints which provide this functionality:
Both flavours of the Person Activation feature can be tested in the same way. Please sign up by visiting the http://idp-core.dev.onegini.me page. If activation via email has been selected, you will be prompted to visit the activation link sent via email. If activation via code is configured, you will be prompted to enter the actual code value which was delivered to you via a different channel (can be SMS, letter or other). Once activation is completed successfully, you will be redirected to the dashboard page or back to the SAML Service Provider.