4.6 Enabling User Activation

The User Activation module allows first-time users to activate their account and set a temporary password. This feature helps user activating their account when the account is created by a person that does not have an established channel to send the password to the user. You should configure the settings to allow only those users to activate the account who have never been authenticated. This behavior may differ depending on the configuration and directory type.

Perform the following steps:

  1. In Configuration Editor, click Modules > User Activation.

  2. Click View > Always Show Advanced Settings to see and configure the advanced settings.

  3. Configure the following settings:

    Setting

    Description

    Enable User Activation

    Select this check box.

    After enabling this, users can activate their account by clicking Activate Account on the login page.

    Token Send Method(s)

    Select a method for sending token code the user. The available methods include:

    • None - Token verification will not be performed

    • Email Only - Send to email address

    • SMS Only - Send via SMS

    • Both - Send token to both email and SMS

    • Email First - Try to send token via email; if no email address is available, send via SMS

    • SMS First - Try to send token via SMS; if no SMS number is available, send via email

    Activate User Agreement Message

    Specify a message to display to users before they activate their account. You can include HTML tags in the message.

    If you leave this field blank, the system does not display the Activate User Agreement message.

    Activate User Form

    Specify the attributes a user requires to provide during user activation.

    Activation Search Filter

    Specify a filter to find users during user activation. Include each attribute configured in Activate User Form in the search filter. Strings encoded with a percent sign (%) are replaced with values supplied by the user.

    For example, if Activate User Form includes cn and sn attributes, the filter would be (&(objectClass=person)(cn=%cn%)(sn=%sn%)).

    Activation Query Match

    Specify a query.

    The system allows only those users to activate the account who match this query, have never been authenticated, and are enabled to activate.

    You can use any attribute to configure this option. The default attribute is (&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(lastLogon=0)(!(lastLogonTimestamp=*)))).

    Activation Actions (Before Password Change)

    Specify the actions that the system will execute before the user configures a password post-activation. You can use macros.

    Post-Activation Actions (After Password Change)

    Specify the actions that the system executes after users activate their accounts and set their initial passwords. You can use macros.

  4. Click Actions > Save.