5.2 Register without Password
The registerEmployeeWithoutPassword
function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, and links it to Bayun user account with userId matching the supplied email address (creating one if necessary). All subsequent authentication requests for this employee will require user-credentials matching the supplied security questionsAnswers (or passphrase if set). The function takes the following parameters :
Let's say an employee has email as loginId i.e username@bayunsystems.com
.
activity : Activity Context.
companyName : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g.
bayunsystems.com
. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g.username@customdomain.com
registering on a tenant with domainbayunsystems.com
as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain ofgmail.com
). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter.companyEmployeeId : EmployeeId unique within the company, e.g.
username@bayunsystems.com
. While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above.email : Bayun userId for the new user being registered, in the form of User Principal Name (UPN) represented as an email address e.g.
username@bayunsystems.com
. For a consumer use-case, it can be the email address provided by the user themselves, or one provided/generated by the app. If no email address is available, the app can choose to construct a dummy email by concatenating the user's companyName and companyEmployeeId, e.g. companyEmployeeId+"@"+companyName. dummy-email. This email is not needed for subsequent login requests from the registered employee (as combination of companyName and companyEmployeeId uniquely identify the employee), but the credentials associated with the corresponding userId/email (e.g. security answers) will always be used for authorizing this employee from a new device.isCompanyOwnedEmail : Whether the user email is an enterprise email address owned and controlled by the companyName provided above. Relevant only for enterprise apps that typically allow employees of a company to login via SSO (in such cases, the email and companyEmployeeId will be the same as user’s corporate email-address, and the domain-name of these will also match the domain of the tenant provided as companyName). It should otherwise be set to false by default. If it's a company-owned enterprise email address, then we know that the company owns it, and it can be deleted or reclaimed by the company for potential reassignment to another employee as desired.
authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
newUserCredentialsCallback : Most developers can just leave it null for default functionality. It is used to set Security Questions & Answers for a new user being created, as well as an optional Passphrase. By default, the SDK uses Dialog to take User’s input to set Security Questions & Answers, Passphrase. Using a non-null callback function here, the developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default dialog. If non-null, this block will need to take user input for security questions & answers, passphrase and call
setNewUserCredentials
method in the SDK. The callback is triggered to take these inputs for a new user being registered on Bayun.securityQuestionsCallback : Most developers can just leave it null for default functionality. It is used for taking answers to Security Questions from an existing Bayun User. By default, the SDK uses Dialog to take User’s input for the answers to Security Questions. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default dialog. If non-null, this block will need to take user answers to the security questions as an input and call
validateSecurityQuestions
API method in the SDK. The Security Questions and QuestionIds are returned through data of the callback, in the form ofList<SecurityQuestion>
.passphraseCallback : Optional block that is called only if passphrase is enabled for an existing Bayun User. Most developers can just leave it null for default functionality. By default, the SDK uses Dialog to take user input for passphrase if it is enabled for the user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default dialog. If non-null, this block will need to take user passphrase as input and call Bayun
validatePassphrase
API for Passphrase validation.successCallback : Success block to be executed after successful user registration.
failureCallback : Failure block to be executed if user registration fails, returns
BayunError
.
Set New User Credentials
The setNewUserCredentials
function takes the following parameters :
securityQuestionsAnswers : User is required to provide five Security Questions and their Answers. Questions Answers are in the form of
List<SecurityQuestionAnswer>
. The developer can either offer a list of Security Questions from their own question-bank to make choosing easier for the user, or they can let each user craft their own questions along-with the answers. Bayun just needs any five questions or prompts for the user to provide their respective answers, which will be cryptographically intermingled together into a single complex key to ensure that independent guessing of any specific answer can’t cause any harm.passphrase : Optional Passphrase provided by the User at the time of account creation. The developer can either set it to null by default, in which case the user will need to use Security Answers for login from a new device. Or alternatively the developer can let the user choose whether to set a passphrase or not, and supply the passphrase if chosen.
authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
successCallback : Success block to be executed after security questions and answers are set successfully.
failureCallback : Failure block to be executed if security questions and answers could not be set, returns
BayunError
.
Validate Security Questions
Use validateSecurityQuestions
function to validate the security questions' answers.
The function takes the following parameters :
answers : Security questions' answers of type
List<SecurityAnswer>
.authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
successCallback : Success block to be executed after successful Security Questions' Answers validation.
failureCallback : Failure block to be executed if user registration fails, returns
BayunError
.
Validate Passphrase
Use validatePassphrase
function to validate the passphrase.
The function takes the following parameters :
passphrase : Passphrase to validate.
authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
successCallback : Success block to be executed after successful user passphrase validation.
failureCallback : Failure block to be executed if user registration fails, returns
BayunError
.
First account of the Company registered with Bayun is the Security Admin account.
Sample Code
Last updated