Create custom user login for xpages - xpages

Does anyone know if it is possible to create a login in XPages / Domino, where one can create their own users who are not on the Domino server?
I need to create a database that has users connected to a customer.
Customer further orders that they want to see. There can be several hundred customers eventually.
The reason I want to create a separate database for users is that users will have different rights and fields than those found in Lotus names.nsf

You could use a separate NAB and add it via Domino's Directory Assistance to the server.
This allows you to create the external users from the other company in this NAB only and won't affect your company's names.nsf.
The external users would have their own company hierarchy, something like
*/Acme/US
e.g.
Mary Jane/Acme/US
They can log in with the default Domino mechanism (including the password change mechanism etc.). And you can use the other features of Domino like Groups, ACLs etc.
The users would log on to your site with their email address, that's why there will be no problems with "doubled users" (Hans Mueller/Acme/US and Hans Mueller/YourCompany/US).
The DA must only run on the Webserver that the external users should access. You don't have to replicate it all around in your infrastructure.
EDIT:
You can create user documents in this external NAB without any problems. I prefer a self-registration with an email validation mechanism (to prevent the use of an internal email address, e.g. of Hans.Mueller#YourCompany.com).
The users can choose their own password. All you have to do is to create a new Person document in the NAB and do a Compute with Form (this sets the HTTP password).
If a user wants to change the password, you can use the ?ChangePassword functionality. And if a user forgets his password, an agent creates a new one in the person document and sends it via mail to the user email address.

Related

How to link logged users to their data, retrieve and update them in MySQL table

This is my web-app "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0. I wanted to use the sub claim user_id to identify the users inside my MySQL database to update and retrieve the user's info. Unfortunately the user_id is different for each provider: for example, if the same user with the same e-mail logs in via Auth0 he gets one user_id, and if he does it via Google he gets another one.
I thought about using email to link logged user to his info.
The problem is in my API. Before the change it was "localhost:8080/api/users/:id";
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email" my API has also changed to "localhost:8080/api/users/:johnsmith#xxx.com".
In a few words, the request url on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged user without going to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one to many relation with the user. For example each user has a list of auth-methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
I'm not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many Auth methods for a single account.
Also you could use email, but that is also an "old" way of uniquely identifying users. Almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to whom. What if I open a new account using someone else's email on one of the providers? Then I can log into that user's account in your application, which is a pretty big security risk.
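The one-to-many model from the answers above, as an added example (not code from the original posts): each login method's `sub` maps to one internal user, and a new login method is linked to an existing user only when the provider marks the email as verified. The store layout and the function names are hypothetical, and linking automatically on a verified email is an assumed policy.

```javascript
// In-memory stand-ins for two MySQL tables (constructed for this example):
//   identities(sub -> user_id)  and  verified_emails(email -> user_id)
function createStore() {
  return { nextId: 1, identities: new Map(), verifiedEmails: new Map() };
}

// claims: payload of an ID token whose signature was already validated.
// `sub` looks like "auth0|abc" or "google-oauth2|123"; `email_verified`
// is the standard OIDC claim.
function resolveUser(store, claims) {
  const { sub, email, email_verified } = claims;
  if (typeof sub !== 'string' || sub === '') throw new Error('token has no sub');

  // 1. Known login method: always the same internal user.
  if (store.identities.has(sub)) {
    return { userId: store.identities.get(sub), action: 'existing' };
  }

  const key = typeof email === 'string' ? email.trim().toLowerCase() : null;
  const verified = email_verified === true && key !== null;

  // 2. New login method: link to an existing user only on a verified email.
  //    An unverified email never matches, so claiming someone else's
  //    address at another provider yields a separate, empty account.
  let userId = verified ? store.verifiedEmails.get(key) : undefined;
  const action = userId === undefined ? 'created' : 'linked';
  if (userId === undefined) userId = store.nextId++;

  store.identities.set(sub, userId);
  if (verified) store.verifiedEmails.set(key, userId);
  return { userId, action };
}
```

With this in place the API can look the user up from the token on every request, so neither the provider-specific id nor the email has to appear in the URL.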

How to register a Web User only (without a lotus notes id file) in Domino Directory

I have a Lotus Notes web application where users are required to be defined in the same database using a custom profile form. Specific roles will be assigned in every user accordingly based on the selected predefined user roles. These users will be populated in the ACL dynamically using a LotusScript web agent.
My question is, how do I programmatically register the user in the Domino directory? Can I just create a person document with basic info and internet password and assign an external email like gmail or yahoo? If it's possible, do I still need to certify the user using the Certifier Id?
Your suggestion is very much appreciated. Thanks in advance.
You don’t need to certify the user or create an id file. As you already suggested, you just create the person document in the directory database. Look at Registering users for your Domino Web site for details, e.g. how to avoid duplicate user names.

Kentico 10 Contact activity logged against previously logged out user

We have a Kentico 10 website using custom WIF authentication. That is all working fine. I can see that the authenticated user details match what is expected.
I tried enabling the online marketing - contact tracking and then discovered that even though I had logged out with one account and then logged in with another account the new user's activity was being logged as if the first user had performed it.
The only thing that works reliably is using a delete cookie plugin in Chrome, which isn't a good solution for production.
I tried expiring the existing cookies for the domain and then found after logging out and back in again with a new user that all the new activity was being logged as public anonymous user.
Is there anything I can add to signout or login to ensure that the correct Contact is being tracked against? Different users should be able to use the same browser logging out and back in again without this contact activity going against the wrong person.
The contact cookie is stored per user account on a computer. So if you're simply logging in and out of Kentico this activity will not change your contact cookie. Kentico sees you as the same contact even though you are authenticating with a different user account.
Kentico Contacts and Users are not synonymous although they can have a link to one another. So I'd expect if the user account is linked with a contact you may see different activity for that particular contact. The only way a contact is linked to a user account is if one of the 3 activities happens:
Registers on a website
Signs in with a user account
Fill in customer data while making a purchase
So even though you're doing #2, I'm guessing something unique is happening since you're doing some testing on the local machine. Check out the documentation about contacts and linking to user accounts. To test or see if a user is linked to a contact, go to Contact Management, manage a contact and click on the Membership>Users tab. If you see a user account linked to the contact then that contact is linked. If you don't see one then that particular contact is not linked and you'll experience the issues you're explaining.

How can I authenticate a user from an email link?

Our web app. sends reports out to users which contain links that point to various items within our web app. (specific records). Users ordinarily have to login to our system to access it, so I am wondering what the best methods are of allowing one of these links to direct the user to the area of the system, without them having to repeatedly login.
When you create a link, you can note which user this link is for. When the user clicks on the link, fetch information for the user. A GUID in your URL would guarantee that no other person can guess the path for that user's data. This will not technically authenticate a user. But will allow them to see data you need.
First of all it's a bad idea to distribute user credentials even to a known email address.
You can generate a unique key for each customer and insert it in the query string of the included URL in the email. Once the user clicks on the sent URL, the system discovers which user it is dealing with and authenticates the user. After a successful authentication process it really makes sense if you disable the sent unique key.
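The unique key from the answers above, as an added example (not code from the original posts): a random per-link token that is bound to one user and one target path and is disabled on first use. Storing only a SHA-256 hash of the token and enforcing an expiry time are assumptions added here, and all names are hypothetical.

```javascript
const crypto = require('node:crypto');

// The store (a Map here, a database table in practice) holds only the
// hash of each token, so a leaked table cannot be replayed as links.
function hashToken(token) {
  return crypto.createHash('sha256').update(token).digest('hex');
}

// Issue a token for one user and one target path inside the application.
// `now` and `ttlMs` are in milliseconds; the caller puts the returned
// value in the query string of the emailed URL.
function issueLinkToken(store, userId, path, now, ttlMs) {
  const token = crypto.randomBytes(32).toString('hex'); // 256 random bits
  store.set(hashToken(token), { userId, path, expiresAt: now + ttlMs, used: false });
  return token;
}

// Redeem a token taken from an incoming request. Returns the bound
// { userId, path } once, and null for unknown, expired, reused or
// malformed input.
function redeemLinkToken(store, token, now) {
  if (typeof token !== 'string' || !/^[0-9a-f]{64}$/.test(token)) return null;
  const record = store.get(hashToken(token));
  if (!record || record.used || now > record.expiresAt) return null;
  record.used = true; // disable the key after the first successful use
  return { userId: record.userId, path: record.path };
}
```

The caller should send the user to the stored `path`, not to a path supplied in the request, so a forwarded link cannot be retargeted at other records.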

what is the need of creating multiple accounts with same email ID in Netsuite?

I am new to Netsuite.
While creating accounts on Netsuite, I found that I can create multiple accounts with same email ID (Netsuite does not check whether the email id is unique or not).
Is there any specific scenario where creating multiple accounts with same email ID will be useful in Netsuite?
You can associate one email address to multiple Netsuite accounts. When you log in it will redirect you to a window where you can select the account where you want to use the existing login session.
No, it doesn't add or make any advantages to administration at all. You SHOULD NOT associate two separate employees with the same Email ID. Besides, when you set the same email to be associated across different places, it will force logout the current user when the next user attempts to login.
Advantage for the user for sure as they have access to all the roles associated to employee, customer, and partner records associated to their email address. Definitely no advantage for NS administration. If you are looking to do scalable things for implementation, then you need to do mass updates within netsuite across entities...don't try to use a single email placeholder as a shortcut for users or access as this gets derailed by the logout mechanism I mentioned above. If you absolutely need multiple users to have access, you could do something like a limited partner or customer center role to an employee that can act as a parent for all assigned customers within their territory...but that basically is manipulating the system to work differently than intended and could be considered a violation of NS TOS...I would suggest to avoid this as it could mean they could shut off your account and access to your customization.
