11.4 Configuring the Create Portlet for Self-Registration

You can configure the Create portlet so that guest users are able to self-register. Enabling anonymous access to the create portlet is a two-step process. First, configure a Create portlet instance for anonymous use, then create a shared page to host the new portlet instance. You have the option to force the newly registered user to log in or to allow anonymous access to other identity self-service features. To create a portlet instance:

  1. Go to the Portlet Admin page.

  2. Register and name a new instance of the CreatePortlet, for example, Self Registration.

  3. Select the new portlet instance, then click Settings.

  4. Set Require Authentication to false, then click Save Settings.

  5. Select Preferences and modify the preferences as needed.

    For example, you could specify a DetailPortlet that supports anonymous access, or you could limit the set of attributes displayed by the default instance. (The changes you make to the default instance are reflected in other parts of the User Application that use that instance.)

    HINT:If you do specify the default DetailPortlet, the user is forced to log in when viewing the detail of the newly created object. For details, see Section 11.4.1, Guest Access Required Settings

To create a shared page:

  1. Go to the Page Admin tab.

  2. Create a new page.

  3. Under Assign Categories, select Guest Pages. You can select other categories if you also want logged-in users to see this.

  4. Click Save Page.

  5. Click Select Content, add the new instance to the page, then click Save Contents.

  6. Click Assign Permissions and make sure that View Permissions Set to Admin Only is unselected.

  7. Save the page.

11.4.1 Guest Access Required Settings

Other required settings include:

  • Create container: Every entity requires a create container. You can define a default create container for each entity type in the directory abstraction layer, or you can allow the user to select one. When you specify a default create container for the entity type, the user is never prompted for the container. When you do not specify a default, the user must select one. To allow anonymous users access to the selection list, you must change the ContainerLookupPortlet setting Require Authentication to false. For more information about the default Create container, see the section on the directory abstraction layer editor in the Identity Manager User Application: Design Guide.

  • Identity Vault Rights: The user is initially the guest user. When he or she self-registers, the User Application writes an object to the create container. To create a user object, the guest user must have create [Entry rights] in the container where new users are created. This could be inherited or restricted by using an inherited rights filter. The guest user must also have Write rights to the attribute(s) that they are allowed to create.

  • DNLookup controls: If the user is required to provide a value for an attribute defined as a control type of DNLookup, you need to change the ParamlistPortlet setting Requires authentication to false.

  • Detail portlet: When the object is successfully created, the portlet displays a link to the object displayed, via the Detail portlet. The default Detail portlet requires authentication so that users are forced to log in with the new identity credentials before they are able to view the detail. You can create a separate instance of the detail portlet for anonymous login, or you can modify the default detail portlet so that Requires authentication is set to false. See Section 12.6, Setting up Detail for Anonymous Access.

  • Passwords: If you allow an anonymous user to create an entity that requires a password, you must ensure that the anonymous account has the rights to create a password.