5.2 Register without Password
TheregisterWithCompanyName:companyEmployeeId:email:isCompanyOwnedEmail:bayunAppCredentials:newUserCredentialsCallback:securityQuestionsCallback:passphraseCallback:authorizeEmployeeCallback:success:failure:
function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, and links it to Bayun user account with userId matching the supplied email address (creating one if necessary). All subsequent authentication requests for this employee will require user-credentials matching the supplied security questionsAnswers (or passphrase if set).
Let's say an employee has email as loginId i.e username@bayunsystems.com
.
companyName : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g.
bayunsystems.com
. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g.username@customdomain.com
registering on a tenant with domainbayunsystems.com
as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain ofgmail.com
). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter.uiViewController : UIViewController of application.
companyEmployeeId : EmployeeId unique within the company. E.g.
username@bayunsystems.com
While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above.email : Bayun userId for the new user being registered, in the form of User Principal Name (UPN) represented as an email address e.g.
username@bayunsystems.com
. For a consumer use-case, it can be the email address provided by the user themselves, or one provided/generated by the app. If no email address is available, the app can choose to construct a dummy email by concatenating the user's companyName and companyEmployeeId, e.g. <companyEmployeeId>@<companyName>.dummy-email. This email is not needed for subsequent login requests from the registered employee (as combination of companyName and companyEmployeeId uniquely identify the employee), but the credentials associated with the corresponding userId/email (e.g. security answers) will always be used for authorizing this employee from a new device.isCompanyOwnedEmail : Whether the user email is an enterprise email address owned and controlled by the companyName provided above. Relevant only for enterprise apps that typically allow employees of a company to login via SSO (in such cases, the email and companyEmployeeId will be the same as user’s corporate email-address, and the domain-name of these will also match the domain of the tenant provided as companyName). It should otherwise be set to false by default. If it's a company-owned enterprise email address, then we know that the company owns it, and it can be deleted or reclaimed by the company for potential reassignment to another employee as desired.
bayunAppCredentials :
BayunAppCredentials
instance is initialized with AppId, AppSecret and Salt.authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
newUserCredentialsCallback : Most developers can just leave it null for default functionality. It is used to set Security Questions & Answers for a new user being created, as well as an optional Passphrase. By default, the SDK uses AlertView to take User’s input to set Security Questions & Answers, Passphrase. Using a non-null callback function here, the developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default alert-view. If non-null, this block will need to take user input for security questions & answers, passphrase and call
setNewUserCredentials
method in the SDK. The callback is triggered to take these inputs for a new user being registered on Bayun.securityQuestionsCallback : Most developers can just leave it null for default functionality. It is used for taking answers to Security Questions from an existing Bayun User. By default, the SDK uses AlertView to take User’s input for the answers to Security Questions. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default alert-view. If non-null, this block will need to take user answers to the security questions as an input and call
validateSecurityQuestions
method in the SDK. The Security Questions and QuestionIds are returned in the callback, in the form ofNSArray<SecurityQuestion>
.passphraseCallback : Optional block that is called only if passphrase is enabled for an existing Bayun User. Most developers can just leave it null for default functionality. By default, the SDK uses AlertView to take user input for passphrase if it is enabled for the user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default alert-view. If non-null, this block will need to take user passphrase as input and call
validatePassphrase
method in the SDK for Passphrase validation.success : Success block to be executed after successful registration.
failure : Failure block to be executed if registration fails, returns
BayunError
.
Set New Credentials
The setNewUserCredentials:passphrase:authorizeEmployee:success:failure:
is used to set Security Questions & Answers for a new user being created, as well as an optional Passphrase. By default, the SDK uses AlertView to take User’s input to set Security Questions & Answers, Passphrase. The developer can optionally provide a custom UI block i.e newUserCredentialsCallback
in registerWithCompanyName:companyEmployeeId:email:isCompanyOwnedEmail:bayunAppCredentials:newUserCredentialsCallback:securityQuestionsCallback:passphraseCallback:authorizeEmployeeCallback:success:failure:
method for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default alert-view.
securityQuestions :
NSArray<SecurityQuestionAnswer>
with five objects to set.passphrase : Optional, if passphrase is to be enabled.
authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
success : Success block to be executed if credentials are set successfully and registration is complete.
failure : Failure block to be executed if credentials are not set or registration fails, returns
BayunError
.
Validate Security Questions
Use validateSecurityQuestions
function to validate the security questions' answers.
The function takes the following parameters :
answers :
NSArray<SecurityAnswer>
with five objects.authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
success : Success block to be executed after successful Security Questions' Answers validation.
failure : Failure block to be executed if security answers validation or registration fails, returns
BayunError
.
Validate Passphrase
Use validatePassphrase
function to validate the passphrase.
The function takes the following parameters :
passphrase : Passphrase to validate.
authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.
success : Success block to be executed after successful user passphrase validation.
failure : Failure block to be executed if passphrase validation or registration fails, returns
BayunError
.
First account of the Company registered with Bayun is the Security Admin account.
Sample Code
Last updated