Skip to main content
Skip table of contents

Public Access

Definition

Public Access on the User Portal is used to quickly redirect to a Token Access where a Self-Service Task can be performed. The redirection is dependent on the Identification of the User through various configurable means:

  • Search Panel to retrieve the Identity

  • Attributes to match against the Identity's

  • Security Questions

A Public Access is always done with one or several Self-Service Features Identifiers set to perform a Self-Service Task afterward.

Those are named intents. These intents may be configured directly in the public access configuration.

Configuration

You can access the Public Access configuration :

  • by clicking on "Portal" β†’ β€œPublic Access”

  • by clicking on "System" β†’ "Configurations" β†’ "Business Model" and perform an import/export.

Global properties

All users must have the rights to access the self feature and the portal.

Domain

Code

DataSet : Each feature starts by announcing the DataSet as following:
This is the main tag which contains all the other tags.

CODE 
<kit:DataSet xmlns:ctd="http://www.memority.com/citadel/1_0" xmlns:ctdbpmn="http://www.memority.com/citadel/bpmn/1_0" xmlns:ctdbum="http://www.memority.com/citadel/bum/1_0" xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" xmlns:ctdrule="http://www.memority.com/citadel/rule/1_0" xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:ruleaddon="http://www.memority.com/toolkit/addons/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:security="http://www.memority.com/toolkit/security/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
</kit:DataSet>

Public Access Configuration : Each Public Access has the following configuration to describe it.

This will be detailled in the Public Access Configuration paragraph.

Version and encoding : Each feature starts by announcing the version and encoding as following

CODE 
<?xml version="1.0" encoding="UTF-8"?>

Public Access Properties

Properties name

Type

Mandatory

Description

Values (default value in bold)

id

String

YES

The id is the unique identifier of the Public Access.
This tag contains all other tags.

-

name

String

YES

The Public Access name. It can be different from the id. It is possible to modify name property after the creation.

-

description

String

NO

Used to describe the Public Access that will be configured. It is possible to modify this property after the creation of the Public Access.

-

intents

List<Intent>

YES

A list of Self Feature identifiers to be set on the Access Code.

-

searchAttributes

List<Attributes>

YES

List of Attribute identifiers for attributes that must be displayed at the top of the page.

This list of Attributes is used to find the Identity.

The filling of Attribute fields are not mandatory.

-

scope

Scope

YES

See configuration of Scope.

-

captcha

Boolean

NO

Indicate whether or not a Captcha must be displayed on the first page.

Memority offers different types of captcha, which can be selected via a setting.

false, true

verificationAttributes

List<Attributes>

NO

List of Attribute identifiers for Attributes that must be requested in a form.

Those Attribute will need to be compared with the actual Identity's attribute to verify the user.

This may be left empty in which case no verification is performed.

In a process where we send an access code or if we validate the identity thanks to security questions, it doesn't make sense to have verification attributes. In these case, we should only have to fill search attribute(s).

-

askSecurityQuestions

Boolean

NO

Allows you to define whether the user will have to answer security questions (3 by default)

false, true

outcomeStrategy

Enum

YES

Strategy to use upon successful verification of the User.

REDIRECT, NOTIFICATION

accessCodeLifetime

PeriodDureation

YES

Lifetime of the access code that provides access to the tasks.

-

accessCodeType

String

YES

Type of the access code that provides access to the tasks.

PASSWORD_RESET_PUBLIC_REDIRECT

accessCodeUseCount

Integer

NO

Indicates the number of times the Access Code can be used. This is decremented at each use.

1

accessCodeUseStrategy

String

NO

Indicates the strategy to use to decrement the useCount.

  • access - the useCount is decremented immediately upon Access Code use

  • task - the useCount must be decremented by the executed task(s)

For the task strategy, decrement must be handled in the script task, it will not be done automatically.

ACCESS, TASK

successActions

String

NO

Action executed when the public access is performed successfully, for example a notification to be sent upon successful verification of the user.

-

failureActions

List<Action>

NO

Action executed when the public access is failed, for example a notification to be sent upon failed verification of the user.

-

successActions & failureActions Properties

Properties name

Type

Mandatory

Description

Values (default value in bold)

action

Action

YES

The action to execute.

-

Examples

Action script to send a simple notification :

CODE 
  <action class="actionNotification">
    <config xsi:type="ctdrule:CitadelNotificationConfigurationType">
        <notifications>PAC6-common-passwordRecovery-emailDefinition</notifications>
    </config>
  </action>

intents Properties

Each intent will have the following configuration:

Properties name

Type

Mandatory

Description

Values (default value in bold)

intent

String

YES

The Identifier of the Self-Service Feature to use for the corresponding Public Access.

-

searchAttributes Properties

Each attribute will have the following configuration:

Properties name

Type

Mandatory

Description

Values (default value in bold)

attribute

String

YES

Attributes used to find the Identity.

-

verificationAttributes Properties

Each attribute will have the following configuration:

Properties name

Type

Mandatory

Description

Values (default value in bold)

attribute

String

NO

Attribute that will need to be compared with the actual Identity's attribute to verify the user.

-

Example

Code

Preview

Minimum configuration

CODE 
<?xml version="1.0" encoding="UTF-8"?>
<kit:DataSet xmlns:ctd="http://www.memority.com/citadel/1_0" xmlns:ctdbpmn="http://www.memority.com/citadel/bpmn/1_0" xmlns:ctdbum="http://www.memority.com/citadel/bum/1_0" xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" xmlns:ctdrule="http://www.memority.com/citadel/rule/1_0" xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:ruleaddon="http://www.memority.com/toolkit/addons/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:security="http://www.memority.com/toolkit/security/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ctdbum:PublicAccessConfiguration id="passwordRecovery">
      <name>lost password</name>
      <description></description>
      <intents>
         <intent>reset-password-self</intent>
      </intents>
      <searchAttributes>
         <attribute>firstName</attribute>
         <attribute>lastName</attribute>
      </searchAttributes>
      <scope objectKind="IDENTITY" type="EXPRESSION">
         <objectTypes/>
         <searchExpression/>
      </scope>
      <captcha>true</captcha>
      <verificationAttributes>
         <attribute>country</attribute>
         <attribute>city</attribute>
      </verificationAttributes>
      <askSecurityQuestions>false</askSecurityQuestions>
      <outcomeStrategy>REDIRECT</outcomeStrategy>
      <accessCodeLifetime>P1D</accessCodeLifetime>
      <accessCodeType>PASSWORD_RESET_PUBLIC_REDIRECT</accessCodeType>
      <accessCodeUseCount>1</accessCodeUseCount>
      <accessCodeUseStrategy>ACCESS</accessCodeUseStrategy>
      <successActions/>
      <failureActions/>
   </ctdbum:PublicAccessConfiguration>
</kit:DataSet>

Configuration without Verification Attributes

CODE 
<?xml version="1.0" encoding="UTF-8"?>
<kit:DataSet xmlns:ctd="http://www.memority.com/citadel/1_0" xmlns:ctdbpmn="http://www.memority.com/citadel/bpmn/1_0" xmlns:ctdbum="http://www.memority.com/citadel/bum/1_0" xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" xmlns:ctdrule="http://www.memority.com/citadel/rule/1_0" xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:ruleaddon="http://www.memority.com/toolkit/addons/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:security="http://www.memority.com/toolkit/security/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ctdbum:PublicAccessConfiguration id="passwordRecovery">
      <name>lost password</name>
      <description></description>
      <intents>
         <intent>reset-password-self</intent>
      </intents>
      <searchAttributes>
         <attribute>user_id</attribute>
      </searchAttributes>
      <scope objectKind="IDENTITY" type="EXPRESSION">
         <objectTypes/>
         <searchExpression/>
      </scope>
      <captcha>false</captcha>
      <askSecurityQuestions>true</askSecurityQuestions>
      <outcomeStrategy>REDIRECT</outcomeStrategy>
      <accessCodeLifetime>P1D</accessCodeLifetime>
      <accessCodeType>PASSWORD_RESET_PUBLIC_REDIRECT</accessCodeType>
      <accessCodeUseCount>1</accessCodeUseCount>
      <accessCodeUseStrategy>ACCESS</accessCodeUseStrategy>
      <successActions/>
      <failureActions/>
   </ctdbum:PublicAccessConfiguration>
</kit:DataSet>

Read Next

General Configuration Principles β€” Overview of Memority’s general configuration principles.
Data Model β€” Describes objects and their attributes like Identity, Organization, Roles, etc.
Features β€” Design screens and business features to manage objects.
Workflows β€” Trigger workflows to validate an action (e.g., object, role assignment).
Policies β€” Scheduled or triggered automatic actions on objects.
Login Tasks β€” Request users to execute tasks before accessing the User Portal.
Public Access β€” Allows unauthenticated access to certain features.
Notifications β€” Send notifications based on object lifecycle or feature validation.
Synchronization β€” Objects Synchronization with external accounts hosted on remote applications.
Recertification β€” Create and schedule campaigns to review assigned roles.
Reporting β€” Create reports, displaying lists, aggregated data, or charts.
Rights β€” Defines rights granted to identities via roles.
System β€” Manages global configuration, such as files, settings, and logs.
Customization β€” Customize colors and translations of the user portal.
Rules & Actions API β€” Write reusable scripts to automate tasks.
API Guardian Guide β€” Expose APIs to allow integration with applications.
Access β€” Allow the configurator to manage access features.
Federation β€” Integrate applications with Memority using standards like SAML, OAuth2, or OIDC
Authentication β€” Define authentication methods based on criteria.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close