Enrollment & Registration
Organizations frequently have unique requirements for enrollment and registration. The Gluu Server lets its admin customize the workflows that people go through when registering new accounts at new applications.
All Gluu Servers ship ‘out-of-the-box’ with public enrollment. Any inbound requests can be routed to the applicable department for approval. The administrator can supply an XML file that contains the departments, and the respective contacts (including email address) for approval.
Private Registration (with an Invitation Code)
Alternatively, if your organization would like to selectively enable user registration, administrators of the Gluu Server can create a unique link for a temporary invitation code that is sent to applicable users.
The Link entity is stored in LDAP using the OX schema. A new approval page is added to the person’s oxTrust profile so he/she can view and approve pending registration requests.
This feature can be configured to use the LinkTrack API to create a shortened tracking URL. The shortened URL can be published by staff at the internal portal, and staff with access to the LinkTrack account can then download and review click metrics.
Registration also includes Google CAPTCHA and email verification. The required user attributes for registration may be specified by the Gluu Server admin.
Registration Approval Workflow
For moderated registrations, the internal person who is associated with the link will be notified via email, and will be required to log in to oxTrust to approve the registration. Once approved, the end user will receive confirmation that their account is active, and a link to update their profile if necessary.
It is important that helpdesk support costs are minimized. Password reset can be accomplished by email.
Pre-Registration Interception Script
Through the Gluu Server admin interface, oxTrust, administrators can specify a pre-registration interception script to prevent account duplication. This will enable the oxTrust admin to create custom business logic to determine if a person already has a duplicate account. The attributes of the person from the registration must be available to this script.
Post-Registration Interception Script
oxTrust also enables the admin to specify a post-registration interception script that specifies custom business logic to sync with external systems. Again, attributes of the person from the registration must be available to this script.
Registration Code Expiration Process
Information about the code will be stored in a new LDAP entity. Twice daily, oxTrust will search to find expired registration link entries, and remove them.
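The following is an added example, not oxTrust code. It models the link entries with an in-memory dict in place of LDAP to show why a cleanup that runs only twice daily should be paired with an expiry check at redemption time: an expired code can still be present in the store until the next sweep. The class and method names (LinkStore, create, redeem, sweep), the 24-hour lifetime and the timestamps are assumptions made for illustration.

```python
# Added illustration: an in-memory dict stands in for the LDAP link entries.
# All names (LinkStore, create, redeem, sweep) are hypothetical, not oxTrust APIs.
import hmac
import secrets
from datetime import datetime, timedelta, timezone


class LinkStore:
    def __init__(self):
        self.entries = {}  # link id -> {"code": str, "expires": datetime}

    def create(self, now, ttl):
        """Issue an unguessable invitation code that expires after ttl."""
        link_id = secrets.token_hex(8)
        code = secrets.token_urlsafe(32)
        self.entries[link_id] = {"code": code, "expires": now + ttl}
        return link_id, code

    def redeem(self, link_id, code, now):
        """Accept a code only if it matches and has not expired at time of use."""
        entry = self.entries.get(link_id)
        if entry is None or not hmac.compare_digest(entry["code"], code):
            return False
        # The sweep may not have run yet, so expiry is enforced here as well.
        return now < entry["expires"]

    def sweep(self, now):
        """Periodic cleanup: delete expired entries and return their ids."""
        expired = [i for i, e in self.entries.items() if e["expires"] <= now]
        for link_id in expired:
            del self.entries[link_id]
        return expired


def demo():
    """Constructed scenario: a 24-hour code checked before and after expiry."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    store = LinkStore()
    link_id, code = store.create(t0, ttl=timedelta(hours=24))
    results = {
        "valid_in_window": store.redeem(link_id, code, t0 + timedelta(hours=1)),
        "wrong_code": store.redeem(link_id, "guess", t0 + timedelta(hours=1)),
        # 25h: expired, but the next sweep has not happened yet.
        "expired_before_sweep": store.redeem(link_id, code, t0 + timedelta(hours=25)),
        "still_stored": link_id in store.entries,
    }
    results["swept"] = store.sweep(t0 + timedelta(hours=30)) == [link_id]
    results["after_sweep"] = store.redeem(link_id, code, t0 + timedelta(hours=31))
    return results
```

Calling demo() returns a dict of booleans; the expired_before_sweep and still_stored entries together show the window in which the entry exists but must be rejected.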
Account Expiration Process
A daily process will run to inactivate accounts older than 60 days. In this case, an LDAP attribute “status” will be set to “expired”. Any person with account=expired will be directed to re-register.
After a link is created, a modal window will enable an authorized person to send the invitation code to a comma-delimited list of email addresses. The admin can specify a “From” address, and the server will use SMTP to deliver the messages. The admin can also specify a custom message or instructions for the invitee in an additional text box.
Access to Internal Staff
Gluu Server admins who configure invitation codes will authenticate at the internal IDP using SAML or OpenID Connect. The role information will be passed using a specified attribute.