Registration and Invitations
The latest portal authentication experience allows portal users to sign in with their choice of a local Contact Membership Provider based account or a federated account based on OpenAuth and ACS. Both local and federated account registration can take advantage of the invitation code sign up model as well as the email confirmation workflow. In addition, portal administrators may choose to enable or disable any combination of authentication options through portal site settings.
Local authentication is the common forms-based authentication that is backed by the Contact Membership Provider. Like any other membership provider, the Contact Membership Provider stores account credentials in a local data store, which in this case takes the form of contact records in a Dynamics CRM organization. Changing passwords and managing other account details is the responsibility of the local portal. For developers, a membership provider means that the suite of ASP.NET web controls is available for building custom authentication experiences.
Federated authentication is provided by both the Microsoft DotNetOpenAuth helpers for ASP.NET Membership as well as the Windows Azure Access Control Service (ACS). In this case, account credentials and password management are handled by a third party identity provider. This includes OpenID based providers such as Yahoo! and Google and OAuth 2.0 based providers such as Twitter, Facebook, and Microsoft. Users sign up to the portal by selecting a federated identity to register with the portal. Once registered, a federated identity has access to the same features as a local account.
Account Sign Up (Registration)
Portal administrators have several options for controlling account sign up behavior. Open registration is the least restrictive sign up configuration where the portal allows a user account to be registered by simply providing a user identity. Alternative configurations may require users to provide an invitation code or valid email address to register with the portal. Regardless of the registration configuration, both local and federated accounts participate equally in the registration workflow. That is, users have the option to choose which type of account they wish to register.
During sign up, the user has the option of creating a local account (providing a username and password) or selecting a federated identity from a list of identity providers. If a federated identity is selected, the user is required to sign in through the chosen identity provider to prove that they own the federated account. In either case, the user is immediately registered and authenticated with the portal. A new contact record is created in the CRM organization upon sign up.
With open registration enabled, users are not required to provide an invitation code to complete the sign up process. Open registration is enabled by setting all of the following site settings to
When the email confirmation feature is enabled, a user attempting to sign up with the portal is first required to submit a valid email address. A new contact record is created containing the submitted email address as well as an auto-generated invitation code. Next, an email message is sent to the address with the invitation code in the body of the message. This is achieved by executing the CRM process (workflow) named ADX Sign Up Email (the email message contents can be edited by modifying this process). At this point, the standard invitation code registration process takes over. By redeeming the invitation code, the user proves ownership of the email account in the process of registering with the portal.
Even though an invitation code is involved, the code is auto-generated to allow public registration. Consequently, email confirmation can be considered a variation of open registration.
Requiring an invitation code disables email confirmation, regardless of whether the email confirmation setting is enabled or disabled. In other words, to enable email confirmation, the invitation requirement must be disabled.
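The precedence rule and the email confirmation flow described above, modelled as an added example (not the portal's own code). The class, field and method names are hypothetical, and the two booleans stand in for the registration site settings. Single-use redemption, the code length and the constant-time comparison are assumptions about a sound implementation, not documented portal behavior.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Contact:
    email: str
    invitation_code: Optional[str]  # None once redeemed
    registered: bool = False

@dataclass
class Portal:
    # Hypothetical stand-ins for the two boolean registration settings.
    requires_invitation: bool = False
    requires_email_confirmation: bool = False
    contacts: List[Contact] = field(default_factory=list)
    outbox: List[Tuple[str, str]] = field(default_factory=list)  # (address, code)

    def mode(self) -> str:
        # Invitation overrides email confirmation, as the page states.
        if self.requires_invitation:
            return "invitation"
        if self.requires_email_confirmation:
            return "email_confirmation"
        return "open"

    def submit_email(self, email: str) -> None:
        if self.mode() != "email_confirmation":
            raise PermissionError("email confirmation is not the active mode")
        code = secrets.token_urlsafe(16)  # CSPRNG, 128 bits (assumed strength)
        self.contacts.append(Contact(email, code))
        self.outbox.append((email, code))  # stands in for the sign-up email

    def redeem(self, code: str) -> Optional[Contact]:
        supplied = code.encode()
        for contact in self.contacts:
            stored = contact.invitation_code
            # Constant-time comparison; redeemed codes (None) never match.
            if stored and hmac.compare_digest(stored.encode(), supplied):
                contact.invitation_code = None  # single use (assumption)
                contact.registered = True
                return contact
        return None
```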
User Registration Settings and Workflows
The user sign up process involves the following forms (steps) used in various workflows depending on several (boolean) registration settings.
|Name||Site Setting Name||Default Value|
|Requires Email confirmation||
|Open registration sign up|
|Submit invitation code|
|Redeem invitation code|
|Submit email address|
|Requires Invitation||Requires Email Confirmation||Form Workflow|
|Not applicable. Invitation overrides email confirmation. Behaves as though email confirmation is disabled.|