Signup#

A person can register themselves with Skalio ID by providing an email address which is under their control.

After signup a person has to demonstrate they have control over that email address within seven days, otherwise the account and all data it is responsible for will be deleted automatically.

Details#

While not mandatory, it is recommended that the signup includes the person's name, locale and timezone.

The entity of a person in the Skalio ID realm has one or more email addresses as its external identifiers. During signup the user must provide an email address and a new password. The server then creates the entry in the database and issues a short-lived ID token. The email address is marked as primary, but not yet verified.

While the ID token is immediately usable, it expires quickly, carries a low authLevel and restricts what the user can do (see Service Limitations below). Once the token expires, the person must authenticate again with email address and password. To lift these limitations, the person must complete email address verification.

Organization membership#

API versions v1 and v2 automatically create an organization for the person during signup, with the new person becoming a member of the organization with admin privileges.

From API version v3 onwards, signup only creates the new person. A person can then choose to create his own organization or get assigned to an organization by an administrator.

Alternatively the person can accept an invitation to join an organization.

Note: a person cannot leave an organization by himself. Removing membership requires organization admin privileges.

Email address verification#

In order to verify the email address, the person must prove that he has control over it. In the background during signup, Skalio ID sends an email notification containing a shared secret, which the user must provide back to Skalio ID within a short time window.

After successful email confirmation, the account setup is considered complete. The email address is marked as primary and verified. The existing, still valid ID token with low authLevel can be upgraded, or the person can authenticate separately. Skalio ID issues standard ID tokens with a higher authLevel to verified persons.


Expiration of unverified persons#

If an email address is still not verified seven days after its creation, it is removed from the person. If this is the primary address and, as a result, none of the person's addresses has been verified yet, the person is removed completely.

This may lead to an abandoned organization. Since there is no way to recover these organizations, they are removed, complete with all the data they are responsible for.


Service Limitations#

A person with an unverified primary email address experiences the following limitations in the service.

Skalio ID#

  • Validity of the ID token is greatly reduced. It expires within 24 hours.

| Area | Allowed | Not Allowed |
| --- | --- | --- |
| Authentication | re-request email verification; request password reset | |
| Profile Management | update own profile; add other email addresses; change password; public profile; delete person (self); register 2FA methods | |
| Organization Management | update the profile of the organization | add other persons; join other organizations |

Spaces#

  • An unverified person is not allowed to interact with other persons.

| Area | Allowed | Not Allowed |
| --- | --- | --- |
| Space Management | create, update, delete spaces | |
| Collaborator Management | | invite persons; accept invitations to other spaces; assign collaborators; accept assignations to other spaces |
| Files | upload, replace, download, delete files | |