Notes
⚠️ Critical Requirements and Constraints
👤 User State Prerequisites
- Required States: User must be in CREATED or RESET state before activation
- CREATED State: Newly enrolled users who haven't completed initial activation
- RESET State: Existing users whose credentials have been reset by administrator
- Invalid States: ACTIVE, BLOCKED, or DELETED users cannot use activation flow
🎫 Token Management Requirements
- Single Use Limitation: Each token can only be consumed once successfully
- No Reuse: Consumed tokens cannot be used again for activation attempts
- New Token Required: Failed or interrupted activations require new token generation
- Token Expiration: Tokens have limited lifetime and expire automatically
🚫 Page Refresh Restrictions
- Critical Limitation: Page refresh during activation process invalidates token
- User Education: Users must be warned against refreshing browser pages
- Error Recovery: Refresh-caused errors require new token to restart process
- Session Management: Activation process maintains state without page refreshes
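The state, single-use, expiry and refresh rules above, enforced server-side in an added example that is not REL-ID code. The `ActivationTokens` class, its 900-second lifetime and the burn-on-first-presentation handling of a refresh are assumptions; only the state names and error labels come from this page.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

ALLOWED_STATES = {"CREATED", "RESET"}  # states the page permits for activation


@dataclass
class TokenRecord:
    user_id: str
    expires_at: float
    consumed: bool = False


class ActivationTokens:
    """Hypothetical in-memory store; production needs an atomic update in a DB."""

    def __init__(self, ttl_seconds=900):  # lifetime value is an assumption
        self.ttl = ttl_seconds
        self._by_hash = {}  # SHA-256(token) -> TokenRecord; raw token is never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_hash[self._digest(token)] = TokenRecord(user_id, now + self.ttl)
        return token

    def consume(self, token, user_state, now=None):
        """Return "OK" or one of the page's troubleshooting labels."""
        now = time.time() if now is None else now
        rec = self._by_hash.get(self._digest(token))
        if rec is None:
            return "Token Not Found"
        if rec.consumed or now >= rec.expires_at:
            return "Token Invalid"
        # Burn on first valid presentation, before any other check, so a failed
        # or repeated attempt (e.g. a page refresh) cannot reuse the token.
        rec.consumed = True
        if user_state not in ALLOWED_STATES:
            return "Access Denied"
        return "OK"
```

Storing only the token digest means a leaked token table does not yield usable activation links.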
🔧 System Configuration Dependencies
- Factor Availability: Available second factors controlled by system configuration
- Registration Settings: allowed.reg.factors determines user options
- Admin Override: System administrators control which factors users can register
- Dynamic Options: User sees only factors enabled in current configuration
🔗 Integration and Cross-Platform Notes
📱 Mobile App Integration
- Password Reuse: Web activation password can be used for mobile app login
- Configuration Dependent: Mobile password usage depends on REL-ID system settings
- Applicable Flows: Password works in mobile flows where user password is supported
- Consistency: Same password policies apply across web and mobile platforms
🔄 Process Flow Integration
- Enterprise Workflow: Activation can be embedded in larger onboarding processes
- Redirect Flexibility: Configurable redirect URIs support various integration patterns
- Token Generation: Enterprise systems can generate tokens via API calls
- Status Tracking: Enterprise can monitor activation completion through system APIs
🛠️ Administrative Considerations
📊 Configuration Impact on User Experience
Configuration Setting | User Impact | Administrative Control |
---|---|---|
password = false | No password option shown | Forces passwordless activation |
smsOtp = false | SMS not available as 2FA | Limits second factor choices |
emailOtp = false | Email not available as 2FA | Limits second factor choices |
rememberMe = false | No browser saving option | Increases security, reduces convenience |
securityQA = true | Additional Q&A setup required | Adds recovery method |
🔍 Reference Documentation
- Module Configuration: See REL-ID Gateway Manager Admin Manual for detailed configuration options
- Registration Factors: Refer to Module Config Management section for allowed.reg.factors
- Authentication Settings: Check Auth Server module configurations for factor controls
🚨 Troubleshooting and Error Scenarios
Token-Related Issues
Issue | Cause | Resolution |
---|---|---|
Token Invalid | Token expired or already used | Generate new token |
Token Not Found | Malformed URL or system error | Verify token generation process |
Access Denied | User not in correct state | Check user status in system |
Configuration-Related Issues
Issue | Cause | Resolution |
---|---|---|
No 2FA Options | All second factors disabled | Enable at least one registration factor |
Password Required But Disabled | Configuration mismatch | Align password settings with requirements |
Factor Registration Fails | Communication service issues | Check SMS/Email service configuration |
User Experience Issues
Issue | Cause | Resolution |
---|---|---|
Page Refresh Error | User refreshed during activation | Generate new token and restart |
Factor Verification Fails | Communication delays or user error | Provide resend options and clear instructions |
Redirect Fails | Invalid or unreachable redirect URI | Verify redirect URI configuration |
📋 Best Practices for Implementation
🎯 User Experience Optimization
- Clear Instructions: Provide step-by-step guidance throughout activation
- Error Prevention: Warn users about page refresh restrictions upfront
- Progress Indicators: Show users where they are in the activation process
- Help Resources: Provide contact information for activation support
🔒 Security Recommendations
- Token Lifetime: Use appropriate token expiration periods (not too long, not too short)
- Factor Diversity: Enable multiple second factor options for user choice
- Policy Enforcement: Implement strong password policies aligned with security requirements
- Monitoring: Track activation success rates and common failure points
🔧 System Administration
- Configuration Testing: Validate configuration changes in test environment
- User Communication: Notify users of changes to available activation options
- Support Preparation: Train support staff on activation process and common issues
- Analytics: Monitor activation metrics to identify improvement opportunities
Updated 15 days ago