User Registration with Email Verification
Registering users with email verification is an account management feature offered by WSO2 Identity Server.
In this approach, an administrator first creates a user account with a default password that will be emailed to the user's registered email ID for confirmation.
Scenario
Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. While Robert is an administrator at Pickup, Mark is a new recruit.
Robert wants to register a user account with a default password for Mark and get it activated by requesting Mark to verify.
Let's learn how it's done!
Set up
Follow the steps below to configure WSO2 Identity Server to enable password entry for account confirmation.
- Open the deployment.toml file in the <IS_HOME>/repository/conf directory.
- To request email verification from the users who are registered with a default password, add the following configurations.

      [identity_mgt.user_onboarding]
      enable_email_verification = true
      lock_on_creation = true

- To configure the email server to send emails requesting a password entry, add the following configurations.
  - from_address: This is the email address from which the confirmation email will be sent.
  - username: This is the user name of the given email address.
  - password: This is the password of the given email address.

      [output_adapter.email]
      from_address = ""
      username = ""
      password = ""
      hostname = "smtp.gmail.com"
      port = 587
      enable_start_tls = true
      enable_authentication = true

  For example:

      [output_adapter.email]
      from_address = "[email protected]"
      username = "wso2iamtest"
      password = "Wso2@iam70"
      hostname = "smtp.gmail.com"
      port = 587
      enable_start_tls = true
      enable_authentication = true

  If you are using a Google email account

  Google has restricted third-party applications and less secure applications from sending emails by default. As WSO2 Identity Server acts as a third-party application when sending emails for password entry, follow the steps below to enable your Google email account to provide access to third-party applications.

  - Under the Signing in to Google section, turn off the 2-step Verification option.
  - Enable Less secure app access in the Google Account Security section.

- Sign in to the WSO2 Identity Server Management Console at https://<SERVER_HOST>:9443/carbon as an administrator.
- On the Main menu of the Management Console, click Identity > Identity Providers > Resident.
- Under the User Onboarding section, click Ask Password.
- Select the Enable User Email Verification check box.
- You may enter the confirmation email validity period (in minutes) in the Email verification code expiry time text box.
- Click Update.

You have now configured WSO2 Identity Server to send the user account confirmation email to the registered user. Let's try it out!
Try out
- To create the user account for Mark, execute the following cURL.

  Tip

  Make sure to enter a valid user email.

      curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"Mark","givenName":"Roe"},"userName":"Mark","password":"password","emails":[{"primary":true,"value":"<USER_EMAIL>"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"verifyEmail":"true"}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

  Using special characters in the username

  Note that the special characters @, /, \, !, (, ), *, ~, <, >, and whitespaces are not allowed in usernames as they have been reserved for other purposes. See Usernames in WSO2 Identity Server for more information on this.

- An email requesting to confirm the user creation is sent to the given email address.
- To verify account creation, click Confirm Account.
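
The request body from the cURL step above, built in Python with the username rule checked before anything is sent. This is an added example, not part of the WSO2 documentation; the function names and the sample email address are assumptions made for illustration.

```python
import json

# Characters this page lists as reserved in usernames (whitespace is checked separately).
RESERVED = set("@/\\!()*~<>")
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


def reserved_chars_in(username):
    """Return the reserved or whitespace characters found in username, sorted."""
    return sorted({c for c in username if c in RESERVED or c.isspace()})


def build_scim_user(username, password, email, given_name, family_name):
    """Build the SCIM2 /Users body used on this page, with verifyEmail set."""
    bad = reserved_chars_in(username)
    if not username or bad:
        raise ValueError(f"empty username or reserved characters: {bad}")
    # Minimal shape check only; the confirmation email is the real verification.
    local, _, domain = email.partition("@")
    if not local or not domain or "@" in domain or any(c.isspace() for c in email):
        raise ValueError("email must look like local@domain")
    return {
        "schemas": [],
        "name": {"familyName": family_name, "givenName": given_name},
        "userName": username,
        "password": password,
        "emails": [{"primary": True, "value": email}],
        ENTERPRISE: {"verifyEmail": "true"},
    }


def to_request_body(user):
    """Serialize with json.dumps so every key and value is quoted and escaped."""
    return json.dumps(user, separators=(",", ":"))


if __name__ == "__main__":
    # The email address is a constructed sample; the other values mirror the cURL above.
    print(to_request_body(build_scim_user("Mark", "password", "mark@example.com", "Roe", "Mark")))
```

The printed body can be piped to the cURL command above by replacing the inline JSON with `--data @-`.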