PingAM 8.0.0

Configure user registration

User self-registration lets end users create their own accounts in AM.

Configure AM for user self-registration

Although you can configure user self-registration without any additional security mechanisms, such as email verification or KBA security questions, you should configure the email verification service with user self-registration at a minimum.

  1. In the AM admin UI, configure the email service.

  2. Go to Realms > Realm Name > Services and select User Self-Service.

  3. On the User Registration tab, enable User Registration.

  4. Enable Captcha to turn on the Google reCAPTCHA plugin. Make sure you have configured the plugin, as described in Configure the Google reCAPTCHA plugin.

  5. Enable Email Verification to turn on the email verification service. You should leave Email Verification enabled, so users who self-register must perform email address verification.

  6. Enable Verify Email before User Detail to verify the user’s email address before requesting the user details.

    By default, the user self-registration flow validates the email address after the user has provided their details.

  7. Enable Security Questions to display security questions during the self-registration process.

    If you enable security questions, the user is presented with the configured questions during the forgotten password and forgotten username flows. The user must answer these questions in order to reset their passwords or retrieve their usernames.

  8. In the Token LifeTime field, set an appropriate number of seconds for the token lifetime. If the token lifetime expires before the user self-registers, they’ll need to restart the registration process.

    Default: 300 seconds.

  9. To customize the user registration outgoing email, follow these steps:

    • In the Outgoing Email Subject field, enter the subject line of the email.

      The syntax is lang|subject-text, where lang is the ISO-639 language code, such as en for English, or fr for French. For example, the subject line values could be: en|Registration Email and fr|E-mail d’inscription.

    • In the Outgoing Email Body field, enter the text of the email.

      The syntax is lang|email-text, where lang is the ISO-639 language code. The email body text must be all on one line, and can contain any HTML tags within the body of the text.

      For example:

      en|Thank you for registering with example.com! Click <a href="%link%">here</a> to register.`

  10. In the Valid Creation Attributes field, enter the attributes the user can set during registration.

    These attributes are based on the AM identity repository.

  11. For Destination After Successful Registration, select one of the following options:

    • auto-login. User is automatically logged in and sent to the appropriate page within the system.

    • default. User is sent to a success page without being logged in. In this case, AM displays a "You have successfully registered" page. The user can then click the Login link to log in to AM. This is the default selection.

    • login. User is sent to the login page to authenticate.

  12. Save your changes.

  13. On the Advanced Configuration tab, configure the User Registration Confirmation Email URL for your deployment. The default is: https://am.example.com:8443/am/XUI/?realm=${realm}#register/.

  14. Save your changes.

User management of passwords and security questions

Once the user has self-registered to your system, they can change their password and security questions at any time on the user profile page. The user profile page provides tabs to carry out these functions.

The User Profile page supports the ability to change the user’s password on the Password tab.
Figure 1. User Profile Page Password Tab
The User Profile page supports the ability to change the user’s security questions on the Security Questions tab.
Figure 2. User Profile Page Security Questions Tab