Using invitation codes as an offline alternative during enrolment code validation
Invitation codes were introduced in version 3.2 to allow Veridium Manager to serve as a centralized place to manage user enrollment codes by providing functionality to generate enrollment codes for a single user or for a list of users, to view details and manage these enrollment codes and invitation list, and also to configure the email template used to send the code and other configurations regarding enrollment by invitation.
In version 3.5.3 this functionality has been extended to allow usage of invitation codes in various offline scenarios. A new method of delivery has been added in Veridium Manager / Directory Service / Enrollment / Code Validation Channel / Options - Receiver options priority named “INVITATION”. This allows the invitation code to be validated during Code Validation step in the enrollment process, without the presence or necessity of Help Desk, Line Manager, user phone number or email.
A sample scenario:
User joins the team and receives an Active Directory account.
- user has no previous enrolment via any other authenticator.User receives a sealed envelope with printed onboarding instructions and documents, including the invitation code generated and exported from Veridium Manager.
User can start an enrollment and present that code at the Code Validation step, without the need for confirmation from Line Manager, HelpDesk, and without access to company email.
The invitation codes or invitation list now provides support to select a distribution channel of the code:
Email
deliver the code on email address selected during code generation.
codes are encrypted in the persistence layer using PBKDF2
Letter
allows export to csv of the code and can be distributed on other channels (e.g. printed document).
codes are not encrypted in the persistence layer to allow export feature. Codes generated for this flow will have the same functional parameters and settings as the rest of the codes already present in previous server versions.
Functional aspects:
The previous version offered support to validate the invitation code only in the AD Enrollment
enrollment step that is used in general as the 1st enrollment step. Starting version 3.5.3 invitation code validation is possible in additional steps using Code Validation Channel
and Code Validation
steps.
Enable option in the Enrollment / Code Validation Channel - Options tab - Receiver options priority
Add
INVITATION
as option in the Receiver options
Allow text input in Enrollment / Code Validation
All validation codes except invitation codes are numerical and by default the code hint provided by this step isnumber
. This improves the mobile devices enrollment UX that are presenting there the numerical keyboard.
Administrator can alternatively switch thesmscode
parameter from Code Validation / Mobile GUI Options / Enrollment Parameters tostring
to allow mobile devices alphanumerical keyboard display and input.In order to activate the “Export CSV” function, the channel chosen for delivery must be set on “Letter” during code generation via Manage enrollment codes → Create code → Channel parameter:
After Letter codes are created, the “Export to CSV” function will be active in the Manage codes list when they are selected:
Note: expired Letter codes cannot be exported.