MFA Reset Widget

Definition

This widget is used by the Administrator to completely reset a User MFA Account and (eventually) send a new activation link.
As a precondition, the admin selects a user having an MFA account and enrolled devices to reset his/her MFA account.

A. The user can choose whether to "Send a new enrollment link to the user" or reset the device enrollment directly on the MFA reset.
B. When selecting "default", an email will be sent to the user default email address.
C. With "custom", the user can enter any email address.

Configuration

Properties

Properties name	Type	Mandatory	Description	Values (default value in bold)
allowEnrollmentLink	`Boolean`	NO	Indicates whether or not devices can be enrolled with an enrollment link.	true, false
enrollmentLinkOptions	`MyMFADeviceEnrollmentLinkOptions`	NO	Options for enrollment through a link.	-

enrollmentLinkOptions properties

Properties name	Type	Mandatory	Description	Values (default value in bold)
mode	`Enum`	NO	Two modes of device enrollment are available through a link.	UNIQUE, DEVICE
deviceEnrollmentLinkIntent	`String`	NO	Identifier of the Self-Service feature to enroll a device. By default this will provide the choice between mobile and browser. Used when mode is UNIQUE.	my_mfa_enroll
deviceEnrollmentLinkIntentBrowser	`String`	NO	Identifier of the Self-Service feature to enroll a Browser device. Used when mode is DEVICE and BROWSER is selected.	my_mfa_enroll_browser
deviceEnrollmentLinkIntentMobile	`String`	NO	Identifier of the Self-Service feature to enroll a Mobile device. Used when mode is DEVICE and MOBILE is selected.	my_mfa_enroll_mobile
deviceEnrollmentLinkUseCount	`Int`	NO	Number of times the enrolment link can be accessed (during the validity period).	1
displayDeviceEnrollmentLink	`Boolean`	NO	Indicates whether or not the enrollment link shall be displayed on screen.	true, false
sendDeviceEnrollmentLink	`Boolean`	NO	Indicates whether or not the enrollment link shall be sent by notification.	true, false
sendDeviceEnrollmentLinkEmailOverride	`Boolean`	NO	Authorizes to override the destination email address when sending the device enroll link by email.	true, false
actions	`Actions`	NO	Allows to define actions (notification sending, script execution...) that will be performed when the feature is submitted. In the case of a rule exection, it must be of MYMFA category.	-

Example

XML

<widget id="my-mfa-reset-widget" xsi:type="ctdbum:MyMFAResetWidgetType">
	<hidden>false</hidden>
	<config>
		<bordered>false</bordered>
		<title>true</title>
		<allowEnrollmentLink>true</allowEnrollmentLink>
        <enrollmentLinkOptions>
          <mode>UNIQUE</mode>
          <deviceTypes />
          <deviceEnrollmentLinkIntent>identity-common-public-myMFAEnroll</deviceEnrollmentLinkIntent>
          <deviceEnrollmentLinkIntentBrowser>myMFA-enroll-browser</deviceEnrollmentLinkIntentBrowser>
          <deviceEnrollmentLinkIntentMobile>myMFA-enroll-mobile</deviceEnrollmentLinkIntentMobile>
          <displayDeviceEnrollmentLink>false</displayDeviceEnrollmentLink>
          <sendDeviceEnrollmentLink>true</sendDeviceEnrollmentLink>
          <sendDeviceEnrollmentLinkEmailOverride>false</sendDeviceEnrollmentLinkEmailOverride>
          <actions>
            <action class="actionNotification">
              <config xsi:type="ctdrule:CitadelNotificationConfigurationType">
                <notifications>AIW1-common-enrollment-emailDefinition</notifications>
              </config>
            </action>
          </actions>
        </enrollmentLinkOptions>
	</config>
</widget>

Configuration

Properties

enrollmentLinkOptions properties

Example

Read Next