New User Invitation: Self-Hosted UI

If you intend to self-host the New User Invitation Page, you can configure Wristband to reference the URLs where your pages are located. Wristband will then direct users to your pages wherever they need to be presented during the invitation flow.

---

Configuration

Depending on which pages you intend to self-host, configure the relevant settings in the Wristband Dashboard.

Custom Page URLs

Under Application Settings → Custom Page URLs in the Application View of the Wristband Dashboard, set the following field to the location of your self-hosted page:

• External IdP User Invite Page URL: The location of your self-hosted External IdP New User Invitation Page. Wristband redirects users here after they authenticate with an external IdP, passing along the External IdP authorization code needed to complete the invitation flow. Supports the {tenant_name} placeholder for tenant subdomains.

Email Policies

Under Email Policies in the Application View of the Wristband Dashboard, set the Action Link URL for the Email-only User Invitation email template to the location of your self-hosted New User Invitation Page. Individual tenants can also override this application-level setting. Wristband sends this URL in the invitation email when a user is invited.

ℹ️

Note: To configure the URL used for generated invitation links, set the Custom Invitation Link URL field under Workflow Policies → Invite New User. See New User Invitation Workflow for details.

---

New User Invitation

Wristband Identity Provider

At a high level:

1. The user clicks on the Action Link in the New User Invitation Email that was sent to their inbox.
2. The user is redirected to your application's self-hosted New User Invitation Page.
3. The user provides all information on the form and clicks the submit button.
4. Your application calls the Wristband Accept New User Invite API, passing along the Email Authorization Code.
5. Your application then redirects the user to the Wristband Create Auth Session for New User Invite API in order to create a Wristband Authentication Session for the user. The redirect URL is returned in the response from the prior step as well as an Auth Session Code that is required to successfully create the session.
6. Wristband redirects the user to the Login Endpoint implemented by your application.

From here, the user would be sent through the Authorization Code Flow in order to login and gain entry to the application. Because Wristband already created an Authentication Session for the user during the flow, the user gains immediate entry into the application without having to re-enter their credentials.

External Identity Provider

At a high level:

1. The user clicks on the Action Link in the New User Invitation Email that was sent to their inbox.
2. The user is redirected to your application's self-hosted New User Invitation Page.
3. The user clicks the "Continue with Google" button, which triggers a call to the Wristband Authorize External IDP User on New User Invitation Endpoint.
4. Your application redirects the user to Google's account login page.
5. The user submits their Google credentials.
6. Google redirects the user to the Wristband External IDP Callback Endpoint (which can be found in the Identity Providers section of the Wristband dashboard for your given IDP), where Wristband creates an External IDP Authorization Code required for completing authentication.
7. Wristband redirects the user to your application's self-hosted External IDP New User Invitation Page along with an External IDP Authorization Code that will be used for creating an Authentication Session.
8. The user provides all information to the External IDP New User Invitation Form and clicks the submit button.
9. Your application calls the Wristband Accept New User Invitation For External Idp User API, passing along the External IDP Authorization Code.
10. Your application then redirects the user to the Wristband Create Auth Session for New User Invite API in order to create a Wristband Authentication Session for the user. The redirect URL is returned in the response from the prior step as well as an Auth Session Code that is required to successfully create the session.
11. Wristband redirects the user to the Login Endpoint implemented by your application.

From here, the user would be sent through the Authorization Code Flow in order to login and gain entry to the application. Because Wristband already created an Authentication Session for the user during the flow, the user gains immediate entry into the application without having to re-enter their credentials.