Layer7 API Management

Hi All,

I have a customer who is scared of email interception so they are asking how can I set default state of invited developer to 'disabled' instead of 'enabled' when an orgAdmin sends an invite to a particular developer.

At the moment, the developer who gets the email needs to register, but when they click on 'submit' they are taken to their dashboard and are enabled by default,

The customer would like this to be disabled, like if they were to register manually.

Thanks

Maurizio

Hi GARMA26,

I believe you are looking for the section in the API Portal User Guide titled "Configuring Workflow and Optional Features". In there, it shows how to setup automatic approval (or vice-versa; manual approval) for Registrations, API Plans, Account Plans, and Applications.

To quickly sum it up: You would navigate to /SYSTEM/conf/ in the API Portal content management system (CMS), and edit the properties.xml file in that directory. In that file, you'll find lines similar to <Property name="registrationApprovalRequired" value ="yes" />, for example, where you would either change the yes to no, or the no to yes, depending on what it is you are wanting to achieve. Details on these changes are in the API Portal User Guide.

Sincerely,

Dustin Dauncey

Support Engineer, CA Technologies

Email: l7support@ca.com

Phone: +1 800 225 5224

Outside of North America - http://www.ca.com/us/worldwide.aspx

I will try this,

Although I think I did try it and it failed, but I will give it a go, I might have done something wrong

thanks

Maurizio

I have tried it and it does not work, I have it changed and published but no change, when I complete a registration form from an email invitation I get enabled by default.

As I mentioned, it is not about the individual registering from anew, I am talking about a Developer registering after receiving the email invitation from an OrganizationUser where the developer clicks on the link in the email which is of the format:

ssgconfig@mg-api-26.l7tech.com&token=ThQjCWU1ssx6JuS5-Yl1q5FRoO4cCT9WkWq3BohDJL4qaflgmjI0OOIXzgR3aPUmvD_duXLASBE" rel="nofollow" target="_blank">https://mg-api-26:8443/invitation/validate?email=ssgconfig@mg-api-26.l7tech.com&token=ThQjCWU1ssx6JuS5-Yl1q5FRoO4cCT9WkW…

As you can see, it is a link to the /invitation/validate URI with two parameters: the email and the token.

I have 'discovered' that if I omit the token part, then the user can still register and is created and disabled, BUT is not of the same organization of the organizationUser who sent the email .

If I keep as it is with the token, the user registers and is created within the correct organization unit AND is enabled which is NOT what I want.

So either there is a way to specify the organization without the use of a token, but I test adding the parameter organization=test_org or organizations=test_org but none worked (test_org exists as an organization)

Or there is a way for defaulting the registration with token to be disabled by default

I have tried to reverse engineering the flow and I kept hitting walls, like in a glass labyrinth and I am sick and tired: I even tried to look for any file that would allow me to check the creation of the token, but 'token' as a keyword in the search did not reveal any useful info,

Help please.

An admin can either suspend the developer through the admin dashboard menu:

Or through the underlying user administration interface:

Hi Ben,

This is clear to me, but the customer wants for the account to be in state 'disabled' by default, while for now, it is enabled by default when you register from an email invite

Thanks

Maurizio

Hi GARMA26,

I am following up on some older discussions that are not yet marked as answered, and wanted to ask if this has been resolved since November, or if this is still an unresolved discussion around the ability to have a newly registered user (specifically who was sent out an invite link rather than signing up from scratch) being disabled by default?

The instructions I provided first were unsuccessful, to my understanding, I suppose because you wanted it to apply to users with an invite link, rather than just new users who sign up as visitors to the website? I can investigate a bit further but this may need to be a feature request for a future version, and in which case I would encourage you to submit a new Idea in the Communities here so that Product Management can take a look at that use-case. But before you do that, please just let me know if this was resolved since November or if you are still waiting on a solution, and I will try my best to figure it out for you.

Sincerely,

Dustin Dauncey

Support Engineer, CA Technologies

Email: l7support@ca.com

Phone: +1 800 225 5224

Outside of North America - http://www.ca.com/us/worldwide.aspx

Hi Dustin,

Thank you for the reply,

unfortunately after much research, there is no such option, so, I asked Dana and directly and the only way around what the customer sees as a security breach, is to have the OrgAdmin invite the user using his own (OrgAdmin) email address so that he can be sure that the email is well received, then he clicks on the link himself and changes the details setting a default password and a proper username as well as changing the email address, and finally, he would communicate the username and password to the intended developer in a secure way,

not ideal but it seems to be the only way

Maurizio

Another solution could be writing a trigger to lrs.cmsuserproperties table  to change account state to pending if there is no previous record denoting state. Trigger could let state to be changed from pending to active, so that user could be later activated by admin