Logged-in after self-registration in the Loginapp REST API

This article shows how a user can be automatically logged in after self-registration and access (a limited set) of target applications.

Self-registration usually provides only little evidence of the end-user's real identity. Access to applications after self-registration should therefore be limited accordingly.

Authentication flow initialization

To access a target application or service, IAM requires the user to successfully complete the corresponding authentication flow.

To authenticate the user right after self-registration, the self-registration process must initialize the next executed authentication flow so it can be passed with the tags acquired during self-registration.

The next executed authentication flow is chosen by the REST client. In the Loginapp UI it is determined by configuration: see Loginapp >> UI Settings >> User Self-Registration UIs >> Flow UIs >> affected-flow-ui >> Completion Target.

Thus, to allow the user to access a target application right after self-registration, the following is required:

Tell the self-registration flow to initialize the next executed authentication flow.
Make sure the desired tags are granted in the self-registration flow.
Define skip conditions in the affected authentication flow(s), so authentication steps are skipped (and therefore non-interactive).

Configuration

To configure the self-registration flow:
Go to:
Loginapp >> Self-Registration Flows >> affected flow
Enable property Initialize Next Auth Flow.
In the flow steps (e.g. the last one that cannot be skipped - usually the User Persisting Step), grant one or more tags in property Tags on Success.

Depending on the tags granted in the last step above, the configuration of target applications (Loginapp >> Applications and Authentication) has to be adapted such that the desired authentication steps are skipped. To do so, use the property Skip Condition in combination with a Has Tag condition in the corresponding step(s).