Courion Tip – New User workflow and PIN Numbers   Leave a comment

I had a workflow for new hires, that used a single authentication step. Simply put in your user ID, and your PIN number, and you could set your initial password. Unfortunately, this caused a little bit of confusion. If a user has their password set using the Courion products (such as calling the help desk), I delete their PIN. I don’t want it sitting out there too long as it is a potential security risk (easier to guess, etc). So, some people were already all set, but thought they still had a PIN number and thought they needed to use it. To sort of add to the confusion, the workflow name had the words New Hire in it, so new hires were lead into thinking they HAD to use this workflow.

  • Anyway, I made it into a 2 step authentication.
  • Step 1 – enter your user ID.
  • Step 2 – enter your PIN number….

BUT, here’s the “extra”…. While Step 1 is basically loading, I can now go out and look to see if you have a PIN number. If you do, then things process as before. If you don’t have a PIN number, I display text basically saying you don’t need to do this, etc – in the user’s preferred language.

  • Add the GetUsersLanguage custom macro previously discussed
  • Add a Is_PIN_Null Custom macro set to:

SELECT CASE WHEN (len(PinNumber) < 4 or pinnumber is null) THEN (SELECT TextContent FROM TextContent WHERE   WorkflowName = ‘%Workflow Name%’ AND StateId = ‘PIN_Is_Null’ AND LanguageCode = ‘%Custom Macro.GetUserLanguage%’ AND ScreenField = ‘PIN_Null_Message’) ELSE ‘ ‘ END AS PINStatus FROM  Profile WHERE (ProfileUID = ‘%Auth Step 1.ProfileUID%’)

Add this to the Provisioner Community Step 2, Form Instructions: %Custom Macro.Is_PIN_Null%

Populate your Text Content Table appropriately, in the languages you support. I used this:

PIN_Is_Null en PIN_Null_Message <hr WIDTH=”100%”><b>You no longer have a PIN Number.</b><br>This is because you have either had your password reset by the help desk,<br>or you have used one of the self service workflows<p>In either case, you should now be able to….<br>Do a <a href=URL To your workflows><b>self service password change</b></a> using your active directory password.<br>Do a <a href=”URL to another workflow”><b>self service password reset</b></a> if you have set up your user profile. <br>Use Control-Alt-Delete to change your password – which will then propagate to your target systems<br><hr WIDTH=”100%”>

If they have a PIN, then they won’t see the text. If their PIN is null or blank (not necessarily the same thing, don’t forget!) then they get the message above.

Advertisements

Posted September 3, 2009 by mmdmurphy in Courion Tip, tips

Tagged with

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: