diff --git a/en/identity-server/next/__pycache__/hooks.cpython-312.pyc b/en/identity-server/next/__pycache__/hooks.cpython-312.pyc new file mode 100644 index 0000000000..5f6c4c9d8b Binary files /dev/null and b/en/identity-server/next/__pycache__/hooks.cpython-312.pyc differ diff --git a/en/identity-server/next/docs/assets/img/guides/users/change-verification-settings.png b/en/identity-server/next/docs/assets/img/guides/users/change-verification-settings.png new file mode 100644 index 0000000000..daf78817fd Binary files /dev/null and b/en/identity-server/next/docs/assets/img/guides/users/change-verification-settings.png differ diff --git a/en/identity-server/next/docs/assets/img/guides/users/my-account-mobile-verification-code.png b/en/identity-server/next/docs/assets/img/guides/users/my-account-mobile-verification-code.png new file mode 100644 index 0000000000..7f3d5ed317 Binary files /dev/null and b/en/identity-server/next/docs/assets/img/guides/users/my-account-mobile-verification-code.png differ diff --git a/en/identity-server/next/docs/assets/img/guides/users/my-account-verify-email.png b/en/identity-server/next/docs/assets/img/guides/users/my-account-verify-email.png new file mode 100644 index 0000000000..c9901e4fcb Binary files /dev/null and b/en/identity-server/next/docs/assets/img/guides/users/my-account-verify-email.png differ diff --git a/en/identity-server/next/docs/assets/img/guides/users/my-account-verify-mobile.png b/en/identity-server/next/docs/assets/img/guides/users/my-account-verify-mobile.png new file mode 100644 index 0000000000..abd337b44b Binary files /dev/null and b/en/identity-server/next/docs/assets/img/guides/users/my-account-verify-mobile.png differ diff --git a/en/identity-server/next/docs/guides/users/attributes/email-verification-on-update.md b/en/identity-server/next/docs/guides/users/attributes/email-verification-on-update.md new file mode 100644 index 0000000000..4da6924eba --- /dev/null +++ b/en/identity-server/next/docs/guides/users/attributes/email-verification-on-update.md @@ -0,0 +1 @@ +{% include "../../../../../../includes/guides/users/attributes/email-verification-on-update.md" %} diff --git a/en/identity-server/next/docs/guides/users/attributes/mobile-verification-on-update.md b/en/identity-server/next/docs/guides/users/attributes/mobile-verification-on-update.md new file mode 100644 index 0000000000..d40cc67130 --- /dev/null +++ b/en/identity-server/next/docs/guides/users/attributes/mobile-verification-on-update.md @@ -0,0 +1 @@ +{% include "../../../../../../includes/guides/users/attributes/mobile-verification-on-update.md" %} diff --git a/en/identity-server/next/docs/guides/users/attributes/user-attribute-change-verification.md b/en/identity-server/next/docs/guides/users/attributes/user-attribute-change-verification.md new file mode 100644 index 0000000000..ed115cab5e --- /dev/null +++ b/en/identity-server/next/docs/guides/users/attributes/user-attribute-change-verification.md @@ -0,0 +1 @@ +{% include "../../../../../../includes/guides/users/attributes/user-attribute-change-verification.md" %} \ No newline at end of file diff --git a/en/identity-server/next/mkdocs.yml b/en/identity-server/next/mkdocs.yml index 1461a95bf6..47840d3b8f 100644 --- a/en/identity-server/next/mkdocs.yml +++ b/en/identity-server/next/mkdocs.yml @@ -162,8 +162,9 @@ plugins: 'guides/identity-lifecycles/configure-active-directory-user-stores-for-scim-2.0-based-inbound-provisioning.md': 'guides/users/user-stores/configure-active-directory-user-stores-for-scim2.md' 'guides/identity-lifecycles/sp-for-inbound-provisioning.md': 'guides/users/manage-users.md' 'guides/identity-lifecycles/self-register-verification.md': 'guides/account-configurations/user-onboarding/self-registration.md' - 'guides/identity-lifecycles/enable-email-account-verification-for-an-updated-email-address.md': 'guides/users/attributes/manage-attributes.md' - 'guides/identity-lifecycles/enable-verification-for-updated-mobile-number.md': 'guides/users/attributes/manage-attributes.md' + 'guides/identity-lifecycles/enable-email-account-verification-for-an-updated-email-address.md': 'guides/users/attributes/email-verification-on-update.md' + 'guides/identity-lifecycles/enable-verification-for-updated-mobile-number.md': 'guides/users/attributes/mobile-verification-on-update.md' + 'guides/my-account/my-account.md': 'guides/user-self-service/configure-self-service-portal.md' 'guides/user-self-service/customer-self-service-portal.md': 'guides/user-self-service/configure-self-service-portal.md' 'guides/my-account/manage-own-profile.md': 'guides/user-self-service/update-profile-info.md' @@ -525,7 +526,11 @@ nav: - SCIM2 attribute mappings: guides/users/attributes/manage-scim2-attribute-mappings.md - Configure email address as the username: guides/users/attributes/enable-email-as-username.md - Configure unique attributes: guides/users/attributes/configure-unique-attributes.md - - Configure user attribute change verification: guides/users/attributes/user-attribute-change-verification.md + - Verify changes when updating attributes: + - Configure verification settings: guides/users/attributes/user-attribute-change-verification.md + - Try it out: + - Email address update verification: guides/users/attributes/email-verification-on-update.md + - Mobile number update verification: guides/users/attributes/mobile-verification-on-update.md - Manage user stores: - Manage user stores: guides/users/user-stores/index.md - Configure the primary user store: diff --git a/en/includes/guides/users/attributes/email-verification-on-update.md b/en/includes/guides/users/attributes/email-verification-on-update.md new file mode 100644 index 0000000000..fc360791ec --- /dev/null +++ b/en/includes/guides/users/attributes/email-verification-on-update.md @@ -0,0 +1,263 @@ +# Try out email address update verification + +Email address verification ensures that when a user updates their primary email address, a verification request is triggered to the new email address. The primary email address will not change until the new email address is verified. If you have enabled [multiple email addresses per user]({{base_path}}/guides/users/attributes/manage-attributes/#assign-multiple-email-addresses-and-mobile-numbers-to-a-user), users can maintain several verified email addresses and designate one as the primary email address. + +!!! note + - This feature can be invoked via a PUT/PATCH request to the SCIM 2.0 /Users endpoint or /Me endpoint. + - The verification on update capability is **only** supported for the `http://wso2.org/claims/emailAddresses` and + `http://wso2.org/claims/verifiedEmailAddresses` claims. + - Verification is not triggered if the email address to be updated is the same as a previously verified email address of the user. + +## Prerequisites + +- [Configure the email sending module]({{base_path}}/deploy/configure/email-sending-module/) of the {{product_name}}. + +- If required, enable [support for multiple email addresses]({{base_path}}/guides/users/attributes/manage-attributes/#assign-multiple-email-addresses-and-mobile-numbers-to-a-user) for users. + +- Update [email verification settings]({{base_path}}/guides/users/attributes/user-attribute-change-verification/). + +## Try it out + +Follow the guides below to try out different email update scenarios. + +### Update the primary email address + +If you only support a single email address and wish to update the email address of a user, + +1. On the {{product_name}} Console, go to **User Management** > **Users**. + +2. Select a user account and go to its **Profile** tab. + +3. Under **Email**, update the user's email address. + +4. Click **Update** to save the changes. An email will be sent to the specified address for verification. The user needs to click the link provided in the email to verify the email address. + +Alternatively, you may update the email address via a PATCH operation to the [SCIM 2.0 Users endpoint]({{base_path}}/apis/scim2/scim2-users-rest-api/) as shown below. + +!!! abstract "" + + === "Request format" + ``` + curl -v -k --user : -X PATCH + https://localhost:9443/scim2/Users/ \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":, + "value": + { "emails":[{"primary":true, "value":}]} + }] + }' \ + --header "Content-Type:application/json" + ``` + === "Sample request" + + ```curl + curl -v -k --user admin:admin -X PATCH + https://localhost:9443/scim2/Users/1e624046-520c-4628-a245-091e04b03f21 \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":"replace", + "value": + { "emails":[{"primary":true,"value":"kim.jackson.new@gmail.com"}]} + }] + }' \ + --header "Content-Type:application/json" + ``` + --- + **Sample Response** + + ``` + { + "emails":[ + "kimjack@gmail.com" + ], + "meta":{ + "created":"2020-01-07T09:32:18", + "location":"https://localhost:9443/scim2/Users/1e624046-520c-4628-a245-091e04b03f21", + "lastModified":"2020-01-07T14:18:49", + "resourceType":"User" + }, + "schemas":[ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", + "urn:scim:wso2:schema" + ], + "urn:scim:wso2:schema": { + "emailAddresses": "kimjack@gmail.com", + "verifiedEmailAddresses": "kimjack@gmail.com", + }, + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{ + "pendingEmails":[ + { + "value":"kim.jackson.new@gmail.com" + } + ] + }, + "roles":[ + { + "type":"default", + "value":"Internal/everyone" + } + ], + "name":{ + "givenName":"kim", + "familyName":"jackson" + }, + "id":"1e624046-520c-4628-a245-091e04b03f21", + "userName":"kim" + } + ``` + +Upon receiving the response outlined above, the user will receive an email notification prompting them to verify their updated email address. Once verified, the `emailAddresses` claim (http://wso2.org/claims/emailaddress) and `verifiedEmailAddresses` claim (http://wso2.org/claims/verifiedEmailAddresses) will be updated to reflect the new email address. + +### Update the verified email addresses list + +If you have enabled support for multiple email addresses and mobile numbers, a user can have several verified email addresses and a single primary email address. + +To verify an email address, + +1. On the {{product_name}} Console, go to **User Management** > **Users**. + +2. Select a user account and go to its **Profile** tab. + +3. Under **Email Addresses**, click the verify icon on an unverified email address of the user. + + ![Email addresses update]({{base_path}}/assets/img/guides/users/my-account-verify-email.png) + + An email will be sent to the specified address for verification. The user needs to click the link provided in the email to verify the email address. + +Alternatively, you may update the email addresses via a PATCH operation to the [SCIM 2.0 Users endpoint]({{base_path}}/apis/scim2/scim2-users-rest-api/) as shown below. + +!!! abstract "" + + === "Request format" + + ```curl + curl -v -k --user [username]:[password] -X PATCH + https://localhost:9443/scim2/Users/ \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":, + "value":{"urn:scim:wso2:schema": {"verifiedEmailAddresses": }} + }] + }' + --header "Content-Type:application/json" + ``` + === "Sample request" + + ```curl + curl -v -k --user bob:pass123 -X PATCH + https://localhost:9443/scim2/Users/1e624046-520c-4628-a245-091e04b03f21 \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":"replace", + "value":{"urn:scim:wso2:schema": {"verifiedEmailAddresses": "kimjackson@gmail.com,kim.jackson.new@gmail.com"}} + }] + }' + --header "Content-Type:application/json" + ``` + --- + + **Sample Response** + ``` + { + "emails":[ + "kimjack@gmail.com" + ], + "meta":{ + "created":"2020-01-07T09:32:18", + "location":"https://localhost:9443/scim2/Users/1e624046-520c-4628-a245-091e04b03f21", + "lastModified":"2020-01-07T14:18:49", + "resourceType":"User" + }, + "schemas":[ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", + urn:scim:wso2:schema + ], + "urn:scim:wso2:schema": { + "emailAddresses": "kimjack@gmail.com", + "verifiedEmailAddresses": "kimjack@gmail.com", + }, + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{ + "pendingEmails":[ + { + "value":"kim.jackson.new@gmail.com" + } + ] + }, + "roles":[ + { + "type":"default", + "value":"Internal/everyone" + } + ], + "name":{ + "givenName":"kim", + "familyName":"jackson" + }, + "id":"1e624046-520c-4628-a245-091e04b03f21", + "userName":"kim" + } + ``` + +Upon receiving the response outlined above, the user will receive an email notification prompting them to verify their updated email address. Once verified, the `verifiedEmailAddresses` claim (http://wso2.org/claims/verifiedEmailAddresses) will be updated to reflect the new email address. + +## Resend email verification + +Run the following curl command in case you want to resend the email verification. + +!!! abstract "" + + === "Request format" + + ```curl + curl -k -v -X POST https://localhost:9443/api/identity/user/v1.0/resend-code + -H "Authorization: Basic Base64(:)" + -H "Content-Type: application/json" \ + -d '{ + "user": { + "username": , + "realm": " + }, + "properties": [{ + "key":"RecoveryScenario", + "value": + }] + }' + ``` + === "Sample request" + + ``` + curl -k -v -X POST https://localhost:9443/api/identity/user/v1.0/resend-code + -H "Authorization: Basic YWRtaW46YWRtaW4=" + -H "Content-Type: application/json" \ + -d '{ + "user": { + "username": "bob", + "realm": "PRIMARY" + }, + "properties": [{ + "key":"RecoveryScenario", + "value":"EMAIL_VERIFICATION_ON_UPDATE" + }] + }' + ``` + The verification scenario should be specified in the properties parameter of the request body as follows : + ``` + "properties": [{"key": "RecoveryScenario", "value": "EMAIL_VERIFICATION_ON_UPDATE"}] + ``` + - `EMAIL_VERIFICATION_ON_UPDATE`: Used when verifying a newly updated email address for a user.
+ - `EMAIL_VERIFICATION_ON_VERIFIED_LIST_UPDATE`: Used when updating the list of verified email addresses for a + user. + --- + + **Response** + ```curl + HTTP/1.1 201 Created + ``` + diff --git a/en/includes/guides/users/attributes/mobile-verification-on-update.md b/en/includes/guides/users/attributes/mobile-verification-on-update.md new file mode 100644 index 0000000000..3e9a64392a --- /dev/null +++ b/en/includes/guides/users/attributes/mobile-verification-on-update.md @@ -0,0 +1,448 @@ +# Enable mobile number verification on update + +Mobile number verification ensures that when a user updates their primary mobile number, an SMS OTP is sent to the new number for verification. The primary mobile number remains unchanged until the new one is successfully verified. If you have enabled [multiple mobile numbers per user]({{base_path}}/guides/users/attributes/manage-attributes/#assign-multiple-email-addresses-and-mobile-numbers-to-a-user), users can maintain several verified mobile numbers and designate one as the primary mobile number. + +!!! note + - This feature can be invoked via a PUT/PATCH request to the SCIM 2.0 /Users endpoint or /Me endpoint. + - The verification on update capability is **only** supported for the `http://wso2.org/claims/mobile` and `http://wso2.org/claims/verifiedMobileNumbers` claims. + - An SMS OTP verification is not triggered if the mobile number to be updated is the same as a previously verified mobile number of the user. + +## Prerequisites + +- Configure your preferred SMS provider in {{product_name}}. + + ??? note "Configuring Twilio" + To configure Twilio as your SMS provider, follow the steps below: + + - Go to [Twilio](https://www.twilio.com/try-twilio){:target="_blank"} and create an account. + - After signing up for your account, navigate to the Phone Numbers page in your console. You’ll see the phone number that has been selected for you. Note the phone number’s capabilities, such as "Voice", "SMS", and "MMS". + - After signing up, navigate to the Phone Numbers page in your console and note the phone number’s capabilities. + - Get your first Twilio phone number and use that as the “Sender” in the settings. For more information, see this tutorial in the Twilio documentation. + - Copy the Account SID and Auth Token from the Twilio console dashboard. + - Go to **SMS Provider** section in the {{ product_name }} Console and click the **Twilio** tab and fill the required fields. + + + + + + + + + + + + + + + + + + + + + + +
NameDescriptionExample
Twilio Account SIDAccount SID received in the previous step.YourAccountSID
Twilio Auth TokenAuth token received in the previous step.YourAuthToken
SenderPhone number that you received when creating the Twilio account.+1234567890
+ + ??? note "Configuring Vonage" + + To configure Vonage as your SMS provider, follow the steps below: + + - Login to [Vonage](https://dashboard.nexmo.com/sign-in){:target="_blank"} and create an account. + - Fill in the required fields and create the account. + - Login to the Vonage dashboard and copy the API Key and API Secret. + - Go to **SMS Provider** section in the {{ product_name }} Console and click the **Vonage** tab and fill the required fields. + + + + + + + + + + + + + + + + + + + + + + +
NameDescriptionExample
Vonage API KeyUse the API Key from the previous step.YourAPIKey
Vonage API SecretUse the API Secret from the previous step.YourAPISecret
SenderThe number that the receiver will see when you send an SMS.+1234567890
+ + ??? note "Configuring a Custom Provider" + + If you are not using either Twilio or Vonage as the SMS provider, you can configure a custom SMS provider. Custom SMS provider configuration will pass the SMS data to the given URL as an HTTP request. + + To configure a custom SMS provider, in the **SMS Provider** section click the **Custom** tab and fill the required fields. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescriptionExample
SMS Provider URLURL of the SMS gateway where the payload should be published.https://api.example.com/api/v1
Content TypeContent type of the payload. Possible values are JSON or FORM (Optional).JSON
HTTP MethodHTTP method that should be used when publishing the payload to the provider URL. Possible values: PUT, POST (Optional). POST
Payload TemplateHow the payload template should be.
Placeholders:
\{\{body\}\} - Generated body of the SMS. (Example - This can be the OTP).
\{\{mobile\}\} - Number that this sms should be sent to.		Example JSON payload template:
{“content”: \{\{body\}\},“to”: \{\{mobile\}\}}}

(\{\{mobile\}\} and \{\{body\}\} will be replaced with the corresponding values at the runtime.)
HeadersCustom static headers need to be passed. If multiple headers need to be passed, they should be comma separated. (Optional)authorisation: qwer1234asdfzxcv, x-csrf: true, x-abc: some-value
+ +- If required, enable [support for multiple mobile numbers]({{base_path}}/guides/users/attributes/manage-attributes/#assign-multiple-email-addresses-and-mobile-numbers-to-a-user) for users. + +- Update [mobile number verification settings]({{base_path}}/guides/users/attributes/user-attribute-change-verification/). + + +## Try it out + +Follow the guides below to try out different mobile number update scenarios. + +### Update the primary mobile number + +If you only support a single mobile number and wish to update the mobile number of a user, + +1. On the {{product_name}} Console, go to **User Management** > **Users**. + +2. Select a user account and go to its **Profile** tab. + +3. Under **Mobile**, update the user's mobile number. + +4. Click **Update** to save the changes. An SMS OTP will be sent to the specified mobile number for verification. The user needs to enter the SMS OTP to verify the mobile number. + +Alternatively, you may update the mobile number via a PATCH operation to the [SCIM 2.0 Users endpoint]({{base_path}}/apis/scim2/scim2-users-rest-api/) as shown below. + +!!! abstract "" + + === "Request format" + ``` + curl -v -k --user : -X PATCH + https://localhost:9443/scim2/Users/ \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":, + "value": + { "mobileNumbers":[{"type":"mobile", "value":}]} + }] + }' \ + --header "Content-Type:application/json" + ``` + === "Sample request" + + ```curl + curl -v -k --user admin:admin -X PATCH + https://localhost:9443/scim2/Users/1e624046-520c-4628-a245-091e04b03f21 \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":"replace", + "value": + { "phoneNumbers":[{"type": "mobile", "value":"0123456789"}]} + }] + }' \ + --header "Content-Type:application/json" + ``` + --- + **Sample Response** + ``` + { + "emails": [ + "bobsmith@abc.com" + ], + "meta": { + "location": "https://localhost:9443/scim2/Users/6d433ee7-7cd4-47a3-810b-bc09023bc2ce", + "lastModified": "2020-10-12T13:35:24.579Z", + "resourceType": "User" + }, + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", + "urn:scim:wso2:schema" + ], + "roles": [ + { + "type": "default", + "value": "Internal/everyone" + } + ], + "name": { + "givenName": "Bob", + "familyName": "Smith" + }, + "id": "6d433ee7-7cd4-47a3-810b-bc09023bc2ce", + "userName": "bob123", + "phoneNumbers": [ + { + "type": "mobile", + "value": "0111111111" + } + ], + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { + "pendingMobileNumber": "0123456789" + } + } + ``` + +### Update the verified mobile numbers list + +If you have enabled support for multiple mobile numbers, a user can have several verified mobile numbers and a single primary mobile number. + +To verify a mobile number, + +1. On the {{product_name}} Console, go to **User Management** > **Users**. + +2. Select a user account and go to its **Profile** tab. + +3. Under **Mobile**, click the verify icon on an unverified mobile number of the user. + +A verification code will be sent to your mobile number. + +![Mobile number update]({{base_path}}/assets/img/guides/users/my-account-verify-mobile.png) + +An SMS OTP will be sent to the specified mobile number for verification. The user needs to provide the OTP to verify the mobile number. + +Alternatively, you may update the mobile numbers via a PATCH operation to the [SCIM 2.0 Users endpoint]({{base_path}}/apis/scim2/scim2-users-rest-api/) as shown below. + +!!! abstract "" + + === "Request format" + + ```curl + curl -v -k --user [username]:[password] -X PATCH + https://localhost:9443/scim2/Users/ \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":, + "value":{"urn:scim:wso2:schema": {"verifiedMobileNumbers": }} + }] + }' + --header "Content-Type:application/json" + ``` + === "Sample request" + + ```curl + curl -v -k --user bob:pass123 -X PATCH + https://localhost:9443/scim2/Users/1e624046-520c-4628-a245-091e04b03f21 \ + -d '{ + "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], + "Operations":[{ + "op":"replace", + "value":{"urn:scim:wso2:schema": {"verifiedMobileNumbers": "0111111111,0123456789"}} + }] + }' + --header "Content-Type:application/json" + ``` + + --- + **Sample Response** + ``` + { + "emails": [ + "bobsmith@abc.com" + ], + "meta": { + "location": "https://localhost:9443/scim2/Users/6d433ee7-7cd4-47a3-810b-bc09023bc2ce", + "lastModified": "2020-10-12T13:35:24.579Z", + "resourceType": "User" + }, + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User", + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", + "urn:scim:wso2:schema" + ], + "roles": [ + { + "type": "default", + "value": "Internal/everyone" + } + ], + "name": { + "givenName": "Bob", + "familyName": "Smith" + }, + "id": "6d433ee7-7cd4-47a3-810b-bc09023bc2ce", + "userName": "bob123", + "phoneNumbers": [ + { + "type": "mobile", + "value": "0111111111" + } + ], + "urn:scim:wso2:schema": { + "mobileNumbers": "0111111111", + "verifiedMobileNumbers": "0111111111", + }, + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { + "pendingMobileNumber": "0123456789" + } + } + ``` + +Upon receiving the response outlined above, the user will receive an SMS notification prompting them to verify their updated mobile number. Once verified, the `verifiedMobileNumbers` claim (http://wso2.org/claims/verifiedMobileNumbers) will be updated to reflect the new mobile number. + +## Validate the verification code + +When going through the mobile number verification process, users can enter the SMS OTP in the provided prompt and click **Verify** to verify the mobile number. + +![Mobile number verification code]({{base_path}}/assets/img/guides/users/my-account-mobile-verification-code.png) + +Alternatively, the validation-code API can be used to submit the SMS OTP as shown below. + +!!! abstract "" + + === "Request format" + + ```curl + curl -v -k -X POST https://localhost:9443/api/identity/user/v1.0/me/validate-code + -H "Authorization: " + -H "Content-Type: application/json" \ + -d '{ "code": "", + "properties": [] + }' + ``` + === "Sample request" + + ```curl + curl -v -k -X POST https://localhost:9443/api/identity/user/v1.0/me/validate-code + -H "Authorization: Ym9iOmJvYjEyMw==" + -H "Content-Type: application/json" \ + -d '{ "code": "1234", + "properties": [] + }' + ``` + --- + **Response** + ``` + "HTTP/1.1 202 Accepted" + ``` + +## Resend the verification code + +Users can request for a new SMS OTP code by simply clicking the `Resend verification code` button in the shown prompt + +![Mobile number verification code]({{base_path}}/assets/img/guides/users/my-account-mobile-verification-code.png) + +Alternatively, the resend-code API can be used to resend the SMS OTP as shown below. + +### By a non-privileged user + +The following command can be used by users themselves to receive a new SMS OTP. + +!!! abstract "" + + === "Request format" + + ```curl + curl -X POST https://localhost:9443/api/identity/user/v1.0/me/resend-code + -H "Authorization: " + -H "Content-Type: application/json" \ + -d '{ "properties": [{ + "key": "RecoveryScenario", + "value": "" + }] + }' + ``` + === "Sample request" + + ```curl + curl -X POST https://localhost:9443/api/identity/user/v1.0/me/resend-code + -H "Authorization: Ym9iOmJvYjEyMw==" + -H "Content-Type: application/json" \ + -d '{ "properties": [{ + "key": "RecoveryScenario", + "value": "MOBILE_VERIFICATION_ON_UPDATE" + }] + }' + ``` + + The verification scenario should be specified in the `properties` parameter of the request body as follows: + + - `MOBILE_VERIFICATION_ON_UPDATE`: Used when verifying a newly updated mobile number for a user.
+ - `MOBILE_VERIFICATION_ON_VERIFIED_LIST_UPDATE`: Used when updating the list of verified mobile numbers for a user. + --- + + **Response** + ``` + "HTTP/1.1 201 Created" + ``` + +### By a privileged user + +The following command can be used by privileged users to send an SMS OTP on behalf of a user. + +!!! abstract "" + + === "Request format" + + ```curl + curl -X POST https://localhost:9443/api/identity/user/v1.0/resend-code + -H "Authorization: " + -H "Content-Type: application/json" \ + -d '{ + "user": { + "username": , + "realm": " + }, + "properties": [{ + "key":"RecoveryScenario", + "value": + }] + }' + ``` + === "Sample request" + + ```curl + curl -X POST https://localhost:9443/api/identity/user/v1.0/resend-code + -H "Authorization: YWRtaW46YWRtaW4=" + -H "Content-Type: application/json" \ + -d '{ + "user": { + "username": "bob", + "realm": PRIMARY" + }, + "properties": [{ + "key":"RecoveryScenario", + "value":"MOBILE_VERIFICATION_ON_UPDATE" + }] + }' + ``` + + The verification scenario should be specified in the request body as follows: + + - `MOBILE_VERIFICATION_ON_UPDATE`: Used when verifying updated primary mobile number. + - `MOBILE_VERIFICATION_ON_VERIFIED_LIST_UPDATE`: Used when updating the list of verified mobile numbers. + + --- + **Response** + ``` + "HTTP/1.1 201 Created" + ``` + diff --git a/en/includes/guides/users/attributes/user-attribute-change-verification.md b/en/includes/guides/users/attributes/user-attribute-change-verification.md index e89b5b9a61..712b89afd2 100644 --- a/en/includes/guides/users/attributes/user-attribute-change-verification.md +++ b/en/includes/guides/users/attributes/user-attribute-change-verification.md @@ -1,6 +1,6 @@ -# Configure user attribute change verification +# Configure verification settings for attribute updates -This guide explains how to configure notification and verification settings when a user changes specific attributes like their email address or mobile number. These settings ensure users are properly notified or required to verify updates for security purposes. +This guide explains how to configure notification and verification settings when a user changes specific attributes like their email address or mobile number. These settings ensure users are properly notified when attributes are updated or are requested to verify critical attribute updates. Follow the steps below to configure attribute change verification settings: @@ -15,7 +15,7 @@ Follow the steps below to configure attribute change verification settings: - + @@ -23,15 +23,15 @@ Follow the steps below to configure attribute change verification settings: - + - + - +
Enable User Email Verification on UpdateWhen enabled, this setting triggers an email verification process whenever a user updates their email address.When enabled, triggers an email verification process whenever a user updates their email address.
Email verification on update link expiry time
Enable user email notification on updateWhen enabled, this setting triggers a notification email to the existing email address whenever the user attempts to update their email address.When enabled, triggers a notification email to the existing email address whenever the user attempts to update their email address.
Enable user mobile number verification on updateWhen enabled, this option triggers an SMS One-Time Password (OTP) verification process when the user updates their mobile number.When enabled, triggers an SMS One-Time Password (OTP) verification process when the user updates their mobile number.
Enable mobile number verification by Privileged UsersAllows privileged users (such as administrators) to initiate mobile number verification on behalf of other users.When enabled, allows privileged users (such as administrators) to initiate mobile number verification on behalf of other users.