Self-Registration | Planning Steps

Step 1 - Consider Messaging

The first planning step for Cirrus Self-Registration is to consider the messaging that will be used with end users. This mainly involves the following:

  1. Is the messaging going to be specific to one Service Provider, a group of Service Providers, or generic for the whole organization?

  2. Is the messaging going to be for a specific audience (for example applicants or alumni) or will it need to cover a broader audience of external access end users?

  3. Will the message overlap with messaging for API based Cirrus Account Linking or the Cirrus Invitation feature?

  4. Where will the static self-registration URL be presented to the audience(s) that will be using self-registration.

To help with your planning, see “Invitation | Message Setup” for descriptions and available dynamic content options for Self-Registration dialog messages.

Next you will want to look at Getting Started with Cirrus Self-Registration.

Self-Registration | Getting Started

Once a customer subscribes to the Self-Registration service, Cirrus Identity will enable it so that it is visible in the console.

Customers will often subscribe to one or more additional Cirrus Identity modules to support desired implementation patterns. In addition to enabling Self-Registration, Cirrus Identity Provider Proxy and Cirrus External Identity Provider instances may be provisioned, and some initial setup for Cirrus Gateway and/or Cirrus Account Linking may also take place.

The following are the steps needed to get started using Cirrus Invitation:

  1. Customers should consider the Cirrus Self-Registration planning steps before starting. If help is needed, Cirrus Identity offers generally accepted practices, customer stories, and professional services to help.

  2. Depending on the target audience, Cirrus will provision other modules based on the customer’s subscription (or trial/PoC agreement). Modules such as Cirrus Gateway, Cirrus External Identity Provider, Cirrus Account Linking, and Cirrus External Identity Provider each have associated setup. See the “Getting Started” for each module as appropriate:

  3. If there is an Identity Provider or Service Provider that is needed by Self-Registration, but the metadata for the SP/IdP is not published to federation metadata (for example InCommon or eduGAIN), the metadata needs to be sent to Cirrus Identity Support (support@cirrusidentity.com) for configuration.

  4. A member of the organization needs to have access to the Cirrus Console and to be granted the “Organization Administrator” (org admin) role for your organization (see Cirrus Console Getting Started).

  5. The SP (or the SP side of a Cirrus Proxy) will need to be active in the Cirrus Console and have the Self-Registration capability enabled. If it has not already been configured, an org admin will create the SP in the Console so it can be configured. While configuring the SP, the option to allow the SP to use Invitation needs to be enabled.

  6. From the Cirrus Console, an admin will configure the Cirrus Gateway to enable social login capabilities (see Cirrus Gateway Getting Started). Generally Self-Registration is used with social login options, however that is not a requirement and can be skipped if the Cirrus External Identity Provider and/or federated identity providers will only be used.

  7. From the Cirrus Console, an admin will configure the Cirrus Discovery Service to enable the end user to select the Identity Provider (social login, Cirrus External IdP, and/or federated identity providers) for login (see Cirrus Discovery Getting Started).

  8. From the Cirrus Console, an admin will start the configuration by going to the “My SPs | Self-Registration” page for the desired SP and follow the inline configuration instructions on the page.

  9. Change the configuration of SPs to trust the proper IdP, utilize the Cirrus Proxy if appropriate, and utilize the Cirrus Discovery Service as outlined by:

Once these steps are complete, you are ready to use Self-Registration. Self-Registration can be tested using the static registration URL provided at the bottom of the Self-Registration configuration page.

To monitor the Self-Registrations, administrators can see all registrations from the “My SPs | Guests” page.

Self-Registration | Using Cirrus Self-Registration

Choose your allowed Identity Providers

Self-Registration is a way for users to sign up for a service directly (not via the email-based claim process or authentication-based account linking). You will need to decide which third party identity providers you will allow users to choose, including the External Identity Provider service if that is part of your subscription.

The screenshots below will illustrate a user’s experience once Self-Reg is configured.

The registration flow usually starts with a clickable link on an organization’s web site, such as a “Register Here” button. When a user clicks that button, they will enter the Self-Reg flow and choose an Identity Provider.

User Chooses Identity Provider and Agrees to Terms of Service

The process starts by asking users which identity they’d like to use. When they authenticate, the Self-Reg service captures a limited set of attributes (first name, last name, email address) to start the registration process.

1. Self Reg - Initial Registration with Disco.png

Login to chosen Identity Provider

Next users will go through the standard login flow, if they are not already authenticated, at their chosen Identity Provider. This example shows Google.

2. Self-Reg Google Login.png

Prevent Duplicate Registrations

The Self-Reg service includes an intermediate screen in attempt to prevent users from inadvertently creating a second registration. Users confirm that this is a new registration and they want to continue creating a new account.

3. Self-Reg Do you want to continue step.png

Complete Registration Form

Next users are taken to the registration form. The Self-Reg service pre-populates the data that is returned from the identity provider. If you need users to add other information at registration, like a mobile phone number, we can work with you to add those fields.

4. Self-Reg Final Registration Form.png

Confirmation Screen

As a final step, users are presented a confirmation screen to confirm their account is registered and to show the attributes that the service collected.

5. Self-Reg Confirmation page.png