Configuration: Allowed Registration Factors
Purpose
Determines which authentication factors users can register and set up during the account activation process. This configuration shapes the initial user onboarding experience and defines available security options.
Configuration Location
- Module: Auth Server
- Configuration Name: `allowed.reg.factors`
- Access Path: Module Config Management → Auth Server → `allowed.reg.factors`
Available Configuration Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| `rememberMe` | boolean | true | Allow browser saving during activation |
| `smsOtp` | boolean | true | Enable SMS OTP registration option |
| `emailOtp` | boolean | true | Enable Email OTP registration option |
| `password` | boolean | true | Enable password creation during activation |
| `securityQA` | boolean | false | Enable security questions for account recovery |
Parameter Details
rememberMe (Registration)
- Function: Controls browser remembering option during activation
- When Enabled: "Remember Me" checkbox appears on activation screens
- User Impact: Users can immediately trust their browser after activation
- Security Consideration: Balances convenience vs. security for new users
- Workflow: Checkbox available alongside password and factor setup
smsOtp (Registration)
- Function: Enables SMS OTP as registration option during activation
- When Enabled: SMS appears as second factor choice during setup
- User Process: Users can register mobile number and verify via SMS
- Alternative: Works alongside emailOtp as second factor option
- Requirement: SMS service must be properly configured
emailOtp (Registration)
- Function: Enables Email OTP as registration option during activation
- When Enabled: Email appears as second factor choice during setup
- User Process: Users can register email address and verify via email
- Alternative: Works alongside smsOtp as second factor option
- Requirement: Email service must be properly configured
password (Registration)
- Function: Controls password creation option during activation
- When Enabled: Users can set up password-based authentication
- When Disabled: Passwordless activation flow enforced
- Impact: Affects both web and mobile app authentication options
- Security: Provides traditional authentication factor option
securityQA (Registration)
- Function: Enables security question and answer setup
- When Enabled: Users prompted to create security questions during activation
- Purpose: Provides account recovery method through knowledge-based authentication
- User Experience: Additional step in activation process
- Recovery Use: Questions used during account recovery IDV process
Registration Flow Impact Matrix
| Configuration | Enabled State | User Sees During Activation | Impact on User Options |
|---|---|---|---|
| `rememberMe = true` | Enabled | "Remember Me" checkbox | Can trust browser immediately |
| `rememberMe = false` | Disabled | No browser saving option | Must authenticate fully next time |
| `smsOtp = true` | Enabled | SMS as 2FA option | Can use mobile number for auth |
| `smsOtp = false` | Disabled | No SMS option | Must use other 2FA methods |
| `emailOtp = true` | Enabled | Email as 2FA option | Can use email address for auth |
| `emailOtp = false` | Disabled | No email option | Must use other 2FA methods |
| `password = true` | Enabled | Password creation fields | Traditional password auth available |
| `password = false` | Disabled | No password setup | Passwordless activation only |
| `securityQA = true` | Enabled | Security questions setup | Q&A available for recovery |
| `securityQA = false` | Disabled | No security questions | No Q&A recovery method |
Registration Process Flow
Standard Activation Flow (Most Options Enabled)
- Password Setup: User creates password (if `password = true`)
- Browser Option: User chooses to remember browser (if `rememberMe = true`)
- Second Factor Selection: User chooses between SMS or Email (based on enabled options)
- Factor Registration: User completes chosen second factor setup
- Security Questions: User creates Q&A pairs (if `securityQA = true`)
- Completion: User redirected to configured endpoint
Minimal Configuration Flow
- Ditto ID Mobile Only: User activates with mobile app factors only
- No Web Factors: Skip password, SMS, and email setup
- Mobile Dependencies: User must have Ditto ID mobile app
- Limited Recovery: Fewer account recovery options available
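
The two flows above can be derived from a proposed `allowed.reg.factors` value before it is applied. The following is an added example, not code from the product: it assumes the setting can be represented as a mapping of the five documented parameters to booleans, and the function names are hypothetical.

```python
# Added example: keys and defaults come from the parameter table on this page;
# representing the setting as a dict of booleans is an assumption.
DEFAULTS = {"rememberMe": True, "smsOtp": True, "emailOtp": True,
            "password": True, "securityQA": False}


def normalize(cfg):
    """Merge overrides onto the documented defaults, rejecting bad input."""
    for key, value in cfg.items():
        if key not in DEFAULTS:
            raise ValueError(f"unknown parameter: {key}")
        if not isinstance(value, bool):
            raise ValueError(f"{key} must be a boolean, got {value!r}")
    return {**DEFAULTS, **cfg}


def activation_steps(cfg):
    """Return the activation steps a user sees, in the documented order."""
    c = normalize(cfg)
    second = [name for key, name in (("smsOtp", "SMS"), ("emailOtp", "Email")) if c[key]]
    steps = []
    if c["password"]:
        steps.append("Password Setup")
    # Assumption: the page does not say whether the checkbox is shown when
    # no web factor is enabled; this sketch keeps it whenever rememberMe is true.
    if c["rememberMe"]:
        steps.append("Browser Option")
    if second:
        steps.append("Second Factor Selection: " + " or ".join(second))
        steps.append("Factor Registration")
    if c["securityQA"]:
        steps.append("Security Questions")
    return steps + ["Completion"]


def review_notes(cfg):
    """Point out consequences the page documents for a given combination."""
    c = normalize(cfg)
    notes = []
    if not (c["password"] or c["smsOtp"] or c["emailOtp"]):
        notes.append("minimal flow: mobile app factors only, fewer recovery options")
    if c["smsOtp"]:
        notes.append("smsOtp requires a configured SMS service")
    if c["emailOtp"]:
        notes.append("emailOtp requires a configured email service")
    if c["securityQA"]:
        notes.append("securityQA adds knowledge-based account recovery")
    if c["rememberMe"]:
        notes.append("rememberMe lets users trust the browser right after activation")
    return notes
```

Calling `activation_steps({})` gives the standard flow under the documented defaults; disabling `password`, `smsOtp` and `emailOtp` together produces the minimal-flow note from `review_notes`.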
Configuration Scenarios and Use Cases
Enterprise Security Scenario
Consumer-Friendly Scenario
Mobile-First Scenario
