The Login Process

The platform's login process incorporates various scenarios such as:

  • Different ways to start the process:
    • User self-signup
    • Site Admin user signup
  • Different login tasks. Depending on platform settings, users might need to complete one or more of the following tasks to be fully logged in:
    • Completing custom tasks such as two-factor authentication
    • Accepting a platform legal agreement
    • Changing a default password provided by the Site Admin
    • Choosing answers to one or more security challenge questions
  • Different types of users:
    • Local users
    • LDAP users
    • Users signing in with third-party credentials such as Google or Facebook.
  • User-initiated tasks such as changing a password

Once the login process has been started, login is not fully complete until all required tasks have been completed. At that point the user has full access to the user interface (determined or possibly limited by the user's role and access to private resources).

When login has been initiated, any of the following tasks, and corresponding operations, might complete the login process:

  • Modify password: PUT /api/users/{UserID}/password When the last pending task is to change the password during the login process.
  • Accept legal agreement: POST /api/legals/agreements. When accepting signup agreement is the last pending task during the login process.
  • Answer challenge questions: PUT /api/users/{UserID}/challenges When answering security challenge questions is the last pending task during the login process.
  • Custom: ResolveLoginPendingTask When another pending task based on a custom workflow, such as two-factor authentication, is the last pending task during the login process.

Login Process Flow

When a platform user logs in for the first time, the POST /api/login operation is invoked. This operation verifies the user's credentials and then checks if there are pending tasks the user must complete.

The next step depends on the workflow:

  • If custom tasks are pending, the ResolveLoginPendingTask operation is invoked.
  • If there are no custom tasks, the user is logged in.

Each of the above operations guides the user through any tasks the user must complete before logging in.

As each pending step is completed, you can invoke the GET /api/login/status operation to check if there is another pending task.

When all pending tasks are complete, the user is logged in, with a status (login.State value) of login.complete.