Managing Pilvi™ User Authentication and Registration

Edit on GitHub

Table of Contents

Registration

You can disallow the registration of new accounts on the Pilvi Platform via Preference: SITE_REGISTRATION_ENABLED.

Authentication

Pilvi Platfrom has support for three different types methods for authenticating a User

  • Credential Authentication (Local)
  • Credential Authentication to a External Provider
  • Authentication via 3rd Party Provider

Credential Authentication (Local)

Pilvi Platform's local User database. Authentication is performed against the Pilvi User database. Enabled by Default.

Can be disabled via Preference: AUTH_PROVIDER_LOCAL_ENABLED

Credential Authentication to External Provider

Pilvi Platfrom forwards authentication requests to an External Provider, such as Active Directory or LDAP.

Contact sales if interested in AD/LDAP authentication

Authentication via 3rd Party Provider

Pilvi Platfrom redirects the User to a 3rd Party Providers site, where the actual login (or register) action is performed. After a succesful authentication, the User is forwarded back to Pilvi Platform.

Currently Supported 3rd Party Authentication Providers are:

  • Azure AD B2C

Azure AD B2C

Azure AD B2C is a cloud identity and access managmenet service, which allows you to connect various different identity providers. Azure AD B2C allows your users to access your service using social media accounts.

To enable an Azure AD B2C integration, you'll need to enable it from the Settings.

Azure AD B2C integration currently support Login and Register.

In Manager

  1. Go to Settings, open Analytics tab.
  2. Fill in additional Preference values for the integration.
  • AUTH_PROVIDER_AZURE_AD_B2C_TENANT_NAME.
  • AUTH_PROVIDER_AZURE_AD_B2C_CLIENT_ID.
  • AUTH_PROVIDER_AZURE_AD_B2C_CLIENT_SECRET.
  • AUTH_PROVIDER_AZURE_AD_B2C_POLICY_FOR_LOGIN.
  • AUTH_PROVIDER_AZURE_AD_B2C_POLICY_FOR_REGISTER.
  • AUTH_PROVIDER_AZURE_AD_B2C_POLICY_FOR_USER_EDIT.
  • AUTH_PROVIDER_AZURE_AD_B2C_POLICY_FOR_USER_PASSWORD_RESET.
  1. Finally, enable AUTH_PROVIDER_AZURE_AD_B2C_ENABLED.

In Your Azure Directory

  • Create a B2C Tenant.
  • Register your Pilvi Site as a "web application".
    • Write down your Application ID, you'll need to fill in that ID in Manager as AUTH_PROVIDER_AZURE_AD_B2C_CLIENT_ID.
  • Create User flows Sign up and sign in, Profile editing and Password reset.
    • Use unique names for the User flows, e.g. "B2C_signup", "B2C_edit", "B2C_reset".
    • In settings of each User flow, activate
      • Identity providers: Email signup
      • User attributes: Email Address, Given Name, Surname
      • Application claims: Identity Provider, Email Address, Identity Provider Access Token.
      • If you have a custom layout (HTML page), fill in the settings in Page layouts.
      • In Languages, make language and locale settings for each User Flow

Tips:

  • If you have trouble finding the right page in the Azure Portal, try using the Search box.
  • There are good tutorials at https://docs.microsoft.com, you'll find links to these right there in the Azure Portal.