User Activation Workflow
To ensure the legitimacy of users and grant them access to your application, they must have an ACTIVE
status. This status also enables you to track and identify the users who are actively engaged with your application. The User Activation Workflow provides an explicit way for a user to be activated. It involves Wristband sending a transactional email to the user's email address that requires activation. This email includes an Action Link that, when clicked, directs the user to a page with a unique Email Authorization Code. This one-time code is utilized for finalizing the activation through the Wristband Activate User API.
These are the workflows where a user may trigger the User Activation Workflow, assuming the appropriate Workflow Policy is configured:
- Wristband IDP Signup
- External IDP Signup if the synced External IDP Userinfo contains an email address that is not verified
Retrying/Recovering User Activation
When a user performs a Signup Workflow with the User Activation Workflow Policy configured, they must complete activation within the allotted expiration time set in the User Activation Email Policy. The user will reside in either the PENDING_INVITE_ACTIVATION
or PENDING_SIGNUP_ACTIVATION
status (depending on the workflow) until they complete the activation. If they don't complete activation within the expiration window, they can still receive another User Activation email to prevent them from getting "stuck." The user can fill out the Signup Form again to achieve this. As long as the user provides the same email address as the initial Signup attempt (as well as the same tenant domain name if it's a multi-tenant application), Wristband will send a fresh User Activation email to them without re-provisioning the user or their tenant.
You can also send activation emails directly to your application's users from the Wristband Dashboard, accessible through the Edit User Page.
User Activation: Self-Hosted UI
If you intend to self-host the User Activation Page and utilize Wristband APIs to facilitate the User Activation Workflow, you need to override the Action Link URL for the User Activation Email Policy in the Wristband Dashboard. The URL value should point to the location of your application's self-hosted User Activation Page.
At a high level:
- The user clicks on the Action Link in the activation email that was sent to their inbox.
- The user is redirected to your application's self-hosted User Activation Page along with the Email Authorization Code query parameter.
- Your application calls the Wristband Activate User API, passing along the Email Authorization Code. The user's status is changed from
PENDING_USER_ACTIVATION
toACTIVE
, and their email is marked as verified. - Your application then redirects the user to the Wristband Create Auth Session for Activated User API to create a Wristband Authentication Session for the user. The redirect URL is returned in the response from the prior step as well as an Auth Session Code required to successfully create the session.
- Wristband redirects the user to the Login Endpoint implemented by your application.
From here, the user would go through the Authorization Code Flow to log in and gain entry to the application. Because Wristband already created an Authentication Session for the user during signup, the user gains immediate entry into the application without having to re-enter their credentials.
User Activation: Wristband-Hosted UI
By default, the Action Link in the activation email directs users to a Wristband-hosted User Activation Page. No user interaction is necessary on this page; it is designed for UX purposes, providing a visual confirmation of successful or unsuccessful activation.
At a high level:
- The user clicks on the Action Link in the activation email that was sent to their inbox.
- The user is redirected to the Wristband-hosted User Activation Page.
- Wristband calls the Wristband Activate User API, passing along the Email Authorization Code. The user's status is changed from
PENDING_USER_ACTIVATION
toACTIVE
, and their email is marked as verified. - Wristband -- behind the scenes -- redirects the user to the Create Auth Session API to create a Wristband Authentication Session for the user.
- The user gets redirected to the Login Endpoint implemented by your application.
From here, the user would go through the Authorization Code Flow to log in and gain entry to the application. Because Wristband already created an Authentication Session for the user during signup, the user gains immediate entry into the application without having to re-enter their credentials.
Updated 4 months ago