Menu
▾
▴
[Unity-idm-discuss] Account acceptance and email confirmation workflow
|
From: Willem E. <wi...@cl...> - 2018-02-08 09:36:15
|
Dear Krzysztof, we have been been noticing a pattern with some end-user being confused with our current workflow where account acceptance and email confirmation are running in parallel. Especially when accounts are accepted before the email address is confirmed (sometime the confirmation email might end up in the spam folder or the user ignored the email). If users try to login or reset the password they get the generic error message "invalid username, credential or external authentication failed". There is no indication that the account is not active because of the unconfirmed email address. 1. Ideally we would like to switch to a sequential accept and confirm workflow, where the email confirmation link is included in the acceptance email. So (1) an admin accepts the account request, (2) this triggers sending the acceptance email to the user with a confirmation link included, (3) after confirming the email address the account is ready to be used. Is such a workflow currently supported? If not we would like to make this a feature request. 2. Additionally the error message in this case be improved, so it is clear to the user that confirmation is still required? I guess the downside here is that this could be abused to leak information about what accounts might exist or not. Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
