Configuring self-registration for officers
| 🌐 This document is available in both English and Ukrainian. Use the language toggle in the top right corner to switch between versions. |
1. General description
The platform provides the ability to configure self-registration for officers, simplifying the registration process for users without the need for administrator involvement.
- This creates several advantages for organizations and users:
-
-
Efficiency: reduces the time and effort administrators spend on creating user accounts, especially in registries with a large number of users.
-
User autonomy: allows users to create their own accounts in the system without additional assistance from the administrator.
-
Reduced errors: The self-registration process typically involves verifying the data entered by users, reducing the likelihood of administrator errors when creating user accounts.
-
Time savings: With self-registration, users can quickly access the system and start using its functionality without waiting for administrator approval.
-
2. Setting up self-registration for officers
Registry administrators can configure self-registration for officers through the Control Plane administrative panel, in the Registries > Officer authentication section.
When enabled, officers can automatically register in Keycloak — the system for user and access management. Upon the user’s first login to the Officer portal, their account is created with the system role unregistered-officer assigned, and the user is automatically redirected to the self-registration business process.
It is not recommended to grant the unregistered-officer role access to any business processes except for self-registration in the registry authorization file bp-auth/officer.yml.
|
When self-registration is disabled, authentication for officers follows the standard process, where users need to be initially created in the user management system (see Creating users in the system for more details).
- To enable or disable self-registration for officers, follow these steps:
-
-
Log in to the Control Plane administrative panel.
-
Go to the Registries > Edit > Citizen authentication section.
-
Toggle the switch to allow or disallow self-registration.
When the ability is turned off, users who have started the self-registration process will not be able to complete their tasks if they are modeled. User self-registration requires that a pre-modeled self-registration business process is already created in the registry.
For more details see Self-registering officers with manual moderation.
-
Click the Confirm button to save the changes.
This will result in a merge request to the registry configuration, which needs to be confirmed.
-
Go back to the Registries > Update Requests section and review the new request by clicking the "View" icon — 👁.
-
In the new window, review the changes and click Confirm.
The proposed changes will be applied to the registry configuration in the deploy-templates/values.yaml file upon confirmation. The setting is controlled by the
keycloak.officerPortal.selfRegistrationparameter, which can be set to eithertrueorfalse.Example 1. Example 1. SettingselfRegistrationtotruein the deploy-templates/values.yaml filekeycloak: realms: officerPortal: browserFlow: dso-officer-auth-flow selfRegistration: true -
Wait for Jenkins to apply the configuration using the
MASTER-Build-<registry-name>pipeline. This may take a few minutes.
-
3. Authenticating upon logging into the Officer portal
Officers can automatically start the self-registration process after logging into the portal if the self-registration business process has been pre-modeled in the registry and self-registration is enabled for that registry.
After completing the registration, the system redirects the user to the login page, this time with the officer role assigned. After the login the officer will have access to the services available in the registry.
