Flow Settings

Note: To configure flow settings, you should first set up the master settings and then create a flow setting based on the master settings.

Flow setting list

In the Admin Console, click the Flow Settings tab on the left, and you'll see Flows table view on the right.

Flows table contains following fields,

• Flow Name: A "flow name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.

• Description: A "flow description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.

• Updated On: A Flow timestamp when the user was updated the flow last time.

Input a keyword in the search box above the Flow table, click the 'Search' button, and you'll see the matching Flows in the table. Search using Flow Name.

Create Flow

Top right corner Create Flow button is there. through that you can create a new Flow.

To Create a Flow need to fill the following fields,

Basic Flow Details

Flow Name: A "flow name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.

Description: A "flow description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.

Configure

Client Details: Select Client Type

Refer:

Client Details: Select Client

List of created client list will in this clients dropdown.

Once you selected Client type and Client, Click on the save button to create a flow. Once you done with the flow creation we can set the Common Settings, Login Settings, Registration Settings.

Common Settings

• Forgot Password Settings:

Enable forgot password option in login page: You can enable this option if you want to enable forgot password option in login screen. Otherwise disable this option.

Send Exact reply to user:

Do you want to notify user after successful reset? : After reset success if you want to notify the user then enable this option. Otherwise disable it.

• Template Settings:

Refer: Give link -> Settings -> Template

Template is a notification template configuration which will sent to user in certain operations.

• Hosted Page:

Refer: Give link -> Settings -> Hosted Page

• Password Policy:

Refer: Give link -> Settings -> Password Policy

• Scheduler Workflow:

Refer: Give link -> Workflow -> Approval Workflow

• Captcha Configuration:

Refer: Give link -> Settings -> Captcha

• Security Configuration:

Enable Cache:

Enabling CAPTCHA in the security configuration of authentication is a security measure used to protect against automated bots and malicious activities during the user authentication process. CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart."

The purpose of CAPTCHA is to verify that the user attempting to log in or access a certain resource is a real human and not a computer program or bot trying to perform automated attacks, such as brute-force attacks, credential stuffing, or other forms of unauthorized access.

Enable Token Encryption:

Enabling token encryption in authentication refers to the process of encrypting security tokens before they are transmitted over a network or stored in a data store. Security tokens are used in various authentication and authorization protocols (such as OAuth 2.0, OpenID Connect, and SAML) to represent and carry information about a user's identity and access rights.

Token encryption is an essential security measure to protect the confidentiality and integrity of these tokens, ensuring that sensitive information remains secure during transmission and storage. Without encryption, tokens may be vulnerable to interception, tampering, or unauthorized access, potentially leading to security breaches and unauthorized access to user accounts or resources.

Do you want to enable strict transport policy ?

Enabling Strict Transport Security (HSTS) in authentication is a security mechanism designed to enhance the protection of web applications against certain types of attacks, specifically those related to man-in-the-middle (MITM) and downgrade attacks. HSTS instructs web browsers to always connect to a website over a secure HTTPS connection, even if the user enters an HTTP URL or follows an insecure link.

When HSTS is enabled, the web server includes an HTTP response header called "Strict-Transport-Security" in its HTTPS responses. This header contains a security policy that informs the user's web browser to communicate with the website only via HTTPS for a specified duration. Once the browser receives this HSTS header, it will automatically redirect all HTTP requests to the HTTPS version of the website for the specified time, reducing the risk of exposure to various security threats.

Enable client token validation

Enabling client token validation in authentication refers to the process of validating and verifying the authenticity and integrity of tokens presented by client applications during the authentication and authorization process. Tokens play a crucial role in modern authentication protocols, such as OAuth 2.0 and OpenID Connect, where they are used to represent and carry information about a user's identity and access rights.

Client token validation is an essential security measure to ensure that the tokens provided by client applications are legitimate and have not been tampered with or forged by malicious actors. Validating client tokens helps prevent various forms of token-based attacks, such as token replay attacks, token substitution attacks, and token forgery.

Enable token in Redirect URI

Enabling tokens in the Redirect URI refers to a mechanism used in certain authentication protocols, such as OAuth 2.0 and OpenID Connect, to include access tokens or authorization codes directly in the URL of the redirect response sent from the authorization server to the client application.

When a user successfully authenticates with the authorization server and grants the necessary permissions, the server redirects the user's web browser back to the client application's specified Redirect URI. This redirection is a critical step in the authentication process, allowing the client application to obtain the necessary credentials to access protected resources on behalf of the user.

• Enable Direct Navigation:

Enable Direct Navigation used for, If we configured only one provider and disabled the classical login then it will directly redirect to provider login screen.

Flow Overview

In Flow Overview you will get the login Url & Registration Url. Using this authorization endpoint you can initiate the login/registration page.

Login Settings

Once you created the flow you can see flow login page settings.

• Pre-login Configuration

=> Provider Configuration

You can enable social login on the pre-login page. For that just check the Enable social login checkbox.

And available providers are there in the dropdown. you can select or configure needed providers.

=> Captcha Settings:

If you want Captcha configuration on the pre-login screen then enable this Captcha option.

A number of login failure attempts to show the captcha if you gave '2' then after two login failures you will get a captcha on your login screen.

Show the captcha within certain time intervals, if they exceed login attempts - This option is for how much time you need to show that captcha, so here we can set the time for the captcha.

Block user when exceeding login failure attempts: If the user exceeds the failure attempts we have three options, Never Block User, Block Forever, or Block Temporarily with time these options are straightforward.

=> Enable Registration:

This option enables the registration page link in the login screen. If you registration link then enable this option otherwise disable it.

=> Enable Passwordless Authentication:

Passwordless authentication is a method of user authentication that eliminates the need for traditional passwords. Instead of relying on a username and password combination, passwordless authentication uses alternative factors or methods to verify a user's identity. This approach aims to improve security, user experience, and convenience while reducing the risk of password-related attacks such as phishing and password reuse.

There are several common methods of passwordless authentication: Email-based authentication, SMS-based authentication, Biometric authentication, and Token-based authentication.

This option enables passwordless login authentication in the pre-login screen.

=> Enable Remember Me:

This option enables the remember me option on the login screen. If you want remember me option then enable this option otherwise disable it.

=> Enable Classical login:

This option enables the classical login on the login screen. If you want classical login then enable this option otherwise disable it.

=> Enable Multiple Login for User

The user can do multiple logins at the same time from a different location.

Post-login Configuration

=> Change Password After Password Reset

=> Allowed Login Types

If you enabled email then you can login using your registered mail Id, else if you enabled mobile then you can use your registered mobile number for login. if you enabled both then you can use both email & mobile number for login.

=> Consent Configurations

Settings -> Consent link

if you want consent in your post-login screen then you can bind.

=> MFA Settings

Enable: If you want MFA in your flow then you can enable this option.

=> Register with Login Information

Registration Settings

Once you have created the flow you can see flow Registration settings on edit flow Page.

Click the edit Icon to Open Registration page settings page.

Pre-registration configuration

=> Provider Configuration

You can enable social login on the pre-login page. For that just check the Enable social login checkbox.

And available providers are there in the dropdown. You can select or configure the needed providers.

=> Captcha Settings:

If you want Captcha configuration on the pre-Registration screen, then enable this Captcha option.

=> Enable Login:

This option enables the Login page link in the Registration screen. If you want Login link, then enable this option otherwise to disable it.

=> Allow Disposable Settings:

The "Allow Disposable Settings" card provides you with control over the use of temporary contact information in your system. This feature lets you enable or disable the usage of disposable email addresses and mobile numbers.

Enable Email

The "Enable Email" field empowers you to decide whether users can use disposable or temporary email addresses within your system.

Enable Mobile

The "Enable Mobile" field gives you the authority to allow or disallow the usage of disposable mobile numbers. Disposable mobile numbers are temporary numbers often used for verification purposes or temporary access.

Post-registration configuration

=> Registration Form Settings

The "Registration Form Settings" section empowers you to customize the user onboarding experience by configuring registration field options. This allows you to adapt your registration process to match your platform's requirements and user preferences. Let's delve into the details of this powerful feature:

Set Progressive Registration as Skippable

The "Set Progressive Registration as Skippable" field offers you flexibility in how users complete their registration. When enabled, this option allows users to skip certain registration fields during the progressive registration flow. This is particularly useful for streamlining the onboarding experience and allowing users to provide additional information at a later time.

Enabling and Disabling Registration Fields

Configure

Registration Fields: Settings => Registration Fields.

Refer:

• Accessing Field Configuration: Within the "Registration Form Settings," you'll find a table listing the registration fields.

• Customizing Field Status: In the table contains,

  • Field Key – Key name of the Field.

  • Field Type –Type of the Field. (ex: Text, Number)

  • Status: Status of the Field is enabled or not.

  • Action- Action field has an associated enable/disable switch. Use these switches to determine whether each field is active (enabled) or inactive (disabled) on your registration page.

• Adapting to Needs: Depending on your platform's specifics, enable or disable the necessary fields to tailor the registration process. You can choose to collect only the essential information during initial signup and allow users to provide additional details later.

Approval Workflow

The "Available Approval Workflows" field offers a centralized view of the different authorization processes you've established. Each workflow represents a series of steps that guide actions through approval stages.

Use the selection field to choose the appropriate approval workflow for the specific action you're configuring. Workflows can vary based on the complexity and importance of the action.

Send Welcome Message

The "Send Welcome Message" card provides you with a delightful way to greet users as they join your platform. This feature allows you to choose how you want to send welcome messages, ensuring that users feel valued and informed from the moment they sign up. Let's explore the options available for sending these messages:

Email

The "Email" option enables you to send a welcome message to users through their email addresses. A well-crafted email can provide essential information, highlight platform features, and encourage users to explore further.

SMS

The "SMS" option allows you to send welcome messages directly to users' mobile phones via text messages. SMS messages are concise yet impactful, making them an ideal choice for delivering quick greetings and essential details to users on the go.

IVR (Interactive Voice Response)

The "IVR" option takes welcome greetings to the next level by allowing you to send an automated voice message to users through a phone call. This interactive approach provides a human touch, and users can listen to the message and follow prompts for more information.

Enabling Welcome Message Options: Within the "Send Welcome Message" card, you'll find the "Email," "SMS," and "IVR" options. You can enable it.

Auto Login After Registration

The "Auto Login After Registration" feature has a switch that you can turn on or off. When you turn it on, users will be automatically logged in as soon as they finish signing up. This saves them from having to type in their login details again, so they can start using their accounts right away.

Use the enable field to turn on the "Auto Login After Registration" feature.