User Registration
Enable users to register themselves in an Identity Pool or have your organization administrators initiate user registration.
User Registration Capabilities
SecureAuth offers an easy and customizable user registration flow through both high- and low-level APIs. It is designed for scalability and ease of integration.
There are four ways to create a user in the SecureAuth CIAM Platform:
The user registers themselves using the SecureAuth platform's built-in Registration Page.
An Organization/Identity Pool Admin invites the user to register themselves.
Organizations integrate with the SecureAuth platform and implement their own registration pages.
Registration during Social Sign In: the user and their attributes are provisioned from the external Identity Provider.
User Self-Registration
The SecureAuth platform provides fully functional, brandable registration pages that guide users through the registration process.
You can access the User Registration Page by modifying the below URL and pasting it into your browser:
https://<tenant_id>.authz.cloudentity.io/tenant_id/identity/<identity_pool_id>/register
Brandable User Registration Pages And Messages
Every page users see while registering themselves can be branded. For example, you can modify the colors, logo, and font size, or completely redefine the templates.
Additionally, every message the user gets during their registration can be branded.
Tip
While testing the registration page branding, to make the registration page apply the branding you created and set for a workspace, add the server_id query parameter with the workspace identifier as its value:
https://<tenant_id>.authz.cloudentity.io/tenant_id/identity/<identity_pool_id>/register?server_id=<workspace_id>
Admin-Initiated User Registration
Organizations may require that a pre-established user is created, either with an initial password set or by sending an invitation email. This approach is frequently used when the user entry must be prepared beforehand, for example with specific permissions, before the user is granted access to the account.
SecureAuth addresses these needs by offering an advanced Administration Portal as well as a business-centered B2B/Delegated Administration Portal. Admin users can register users through either of them.
Create Users With Password
Admin users can create users with an initial password set, and can control whether the user must set a new one after logging in for the first time.
All user-specific data must be provided and must adhere to the schemas for both the payload and the metadata. The registration form displays all required fields and performs inline data validation.
Invite Users to Create Accounts
Admin users can create a user and invite them to finish the account creation process. After the admin provides the essential user data, they can create the user entity. An email is automatically sent to the address the user provided, allowing them to finish account creation.
User Registration Invite Message Branding
Upon choosing the Send invitation option, the user receives an email or text message containing a link to activate their account and establish their credentials. These messages can be fully customized using the message branding capabilities.
Developing Custom Registration Page
SecureAuth provides a rich set of Identity Pools APIs that can be used to develop custom user registration pages.
When developing a website or an application, one crucial aspect is the user registration page. While there are options to use pre-built registration solutions, building your own registration page can offer several advantages in terms of customization, tailored user experience, data security, integration flexibility, and analytics. By taking control of the registration process, you can align it with your brand identity, enhance user satisfaction, strengthen data security practices, seamlessly integrate with other components, and leverage data insights to continuously optimize the user journey.
Learn more about how to build a Custom Registration Page.
Brand Messages or Send Them By Yourself
Even with a custom user registration page, users still receive messages such as the account activation message. You can:
Use SecureAuth messages and brand them to your needs.
For example, modify the colors, logo, and font size, or completely redefine the templates.
Generate Verification Codes for account activation and send them to users yourself through the organization's preferred communication channels.
The API returns the Verification Code and the Extended Verification Code in plain text, and you can deliver them to the user through whatever channel you choose.
Hyper-Scale User Registration
SecureAuth platform can easily handle massive-scale registration by having a scalable infrastructure that can accommodate a significant increase in user registrations without sacrificing performance. Employing cloud-based solutions, such as auto-scaling services, distributed databases, and load balancers, ensures the system can handle the surge in registration requests.
SecureAuth applies a number of engineering optimizations to ensure the user experience is never degraded, including:
Automatically scaling the required resources based on the load and delay of processing user registrations.
Placing users in virtual queues, rather than trying to register all of them simultaneously and potentially overwhelming the system.
Implementing virtual caches and queues to handle registrations in memory batches to optimize database communications and eliminate latencies.
Immediate acknowledgements and “near-cache” availability of data strategies to ensure registered users can immediately authenticate, even if the memory batch they’re in hasn’t hit the database yet.
Built-in back-pressure mechanisms, rate limiting, and throttling to ensure the system works at optimal efficiency even under extreme load.
A CAPTCHA challenge on the user registration form.
Need to learn more? See how SecureAuth helped EQL deliver hyper sales at a massive scale.
Enforcing Specific User Data During Registration
When registering a user in SecureAuth, the user entity has two customizable properties: payload and metadata. Both store the user's data, that is, their attributes such as name, group, and more. Requirements for them are described as JSON schemas that define the possible fields and which of them are required. Once the schemas are defined, every registration is checked against them; if the created user does not satisfy them, the request fails and an appropriate error is returned. When you use the SecureAuth SaaS platform for user registration, the self-registration and admin-invitation forms are rendered dynamically from these schemas. When creating users via the API, remember to provide all required data in the proper format.
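A client-side pre-check of the payload and metadata against such schemas, added here as an illustration and not SecureAuth's own code; the two schemas, their field names and the request shape are constructed assumptions, and the validator covers only the required, properties, type and enum keywords:

```python
# Added example, not SecureAuth's code: schemas and request shapes are constructed.
PAYLOAD_SCHEMA = {
    "type": "object",
    "required": ["given_name", "family_name"],
    "properties": {
        "given_name": {"type": "string"},
        "family_name": {"type": "string"},
    },
}

METADATA_SCHEMA = {
    "type": "object",
    "required": ["group"],
    "properties": {
        "group": {"type": "string", "enum": ["customers", "partners"]},
        "crm_id": {"type": "integer"},
    },
}

_TYPES = {"string": str, "integer": int, "boolean": bool}


def validate(data, schema, prefix=""):
    """Return violations (empty list means valid) for the JSON Schema subset
    used here: required, properties, type, enum. Undeclared fields are reported too."""
    errors = []
    for name in schema.get("required", []):
        if name not in data:
            errors.append(f"{prefix}{name}: required field missing")
    for name, value in data.items():
        spec = schema.get("properties", {}).get(name)
        if spec is None:
            errors.append(f"{prefix}{name}: not allowed by schema")
            continue
        expected = _TYPES[spec["type"]]
        # bool is a subclass of int in Python; keep "integer" strict.
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            errors.append(f"{prefix}{name}: expected {spec['type']}")
        elif "enum" in spec and value not in spec["enum"]:
            errors.append(f"{prefix}{name}: must be one of {spec['enum']}")
    return errors


def validate_user_request(request):
    """Reject the whole request on any violation, as the API does, rather
    than creating a user with partial data."""
    errors = validate(request.get("payload", {}), PAYLOAD_SCHEMA, "payload.")
    errors += validate(request.get("metadata", {}), METADATA_SCHEMA, "metadata.")
    if errors:
        raise ValueError("; ".join(errors))
    return True
```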
User Account Enumeration Prevention
User account enumeration is a common vulnerability in REST APIs that can expose sensitive information and compromise the security of user accounts. It occurs when an attacker can determine whether a specific username or email address is registered on a platform by exploiting differences in API responses.
User account enumeration is a significant security concern for REST APIs, as it can expose sensitive user data and lead to unauthorized access. By implementing robust preventative measures, such as consistent error responses, rate limiting, CAPTCHA challenges, and secure user registration practices, SecureAuth effectively mitigates the risk of account enumeration attacks.
On the SecureAuth platform, APIs such as self registration and request reset password always return a success response, regardless of what the backend found when checking whether the identifier is unique. The registration page even asks the client for a verification code on the account activation screen when none was sent; when someone registers again with an identifier that is already taken, a special message is sent instead, informing the recipient that the account already exists.
A few APIs, such as Request Reset Password or Request Address Verification, are designed with account enumeration in mind and can be exposed safely. The documentation of each of those APIs (swagger docs) carries a note mentioning enumeration prevention.
There is also a set of APIs, such as Create User or Add User Identifier, that allow any operation on a user and its data and return explicit errors. These low-level APIs are mostly called by backend service process engines and should be covered by the client's own account enumeration prevention strategy.
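The behaviour described above for self registration and account activation, as an added example that is not SecureAuth's own code: the in-memory user store, the outbox standing in for the email or SMS channel, and the six-digit code format are constructed assumptions.

```python
# Added example, not SecureAuth's code: the user store and outbox are constructed.
import hmac
import secrets

EXISTING_USERS = {"alice@example.com"}   # identifiers already registered
PENDING_CODES = {}                        # identifier -> verification code
OUTBOX = []                               # (recipient, message kind, code) sent out-of-band

GENERIC_RESPONSE = {
    "status": 200,
    "body": {"message": "Check your inbox for a verification code."},
}


def register(identifier):
    """Self-registration endpoint. The HTTP response is identical whether or
    not the identifier is taken; only the out-of-band message differs, so a
    caller watching responses learns nothing. A code is generated on both
    paths so the two branches do roughly the same amount of work."""
    code = f"{secrets.randbelow(10**6):06d}"
    if identifier in EXISTING_USERS:
        OUTBOX.append((identifier, "account_exists", None))
    else:
        PENDING_CODES[identifier] = code
        OUTBOX.append((identifier, "verification_code", code))
    return GENERIC_RESPONSE


def activate(identifier, submitted_code):
    """Activation screen: the same failure is returned whether or not the
    identifier has a pending code, and the comparison is constant-time."""
    expected = PENDING_CODES.get(identifier, "")
    if expected and hmac.compare_digest(expected, submitted_code):
        del PENDING_CODES[identifier]
        EXISTING_USERS.add(identifier)
        return True
    return False
```

The same pattern applies to the request reset password flow: the reset code only reaches an existing account, but the response never says whether one exists.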