Account Activation
Note: This document is based on Jelastic version 4.0
Automatic creation of numerous user accounts by malicious software (bots) can artificially load the platform and cause harmful overuse of resources, which limits legitimate users' access to the platform’s computing power. To cull fake signups and avoid such problems, you can switch on additional verifications during registration.
Activation is the basic solution: users are obliged to follow a link, received in the welcome email, to a special form. The dashboard thus remains inaccessible until a user activates their account and specifies the desired password in this form. The user experience of creating a new account with activation enabled is described in the Account Registration document.
Within this guide, you’ll discover how to:
- preconfigure your Jelastic installation for account activation
- enable mandatory account activation, which can additionally be combined with
  - mobile number verification (for production use)
  - captcha challenge-response test (for POC/demo projects)
Required Preconfigurations
Before enabling activation, you need to adjust your Jelastic platform for the new registration workflow by tuning the appropriate email templates and registration forms.
Email Customization
You should customize the welcome email templates (which users receive just after submitting the signup form) via the JCA panel. We’ll show an example with our default template for the trial users group; you should make similar changes to your custom ones.
What needs to be done:
- Delete the lines with the user’s credentials (i.e. Login and automatically generated Password)
- Change the description of the automatic sign-in link to an appropriate one, e.g. “Follow the next link in order to complete the registration:” (as this URL will lead to the activation form once the protection is enabled)
Thus, your welcome email template will look like the following:
Registration Form
You can customize the texts of the new activation form so that it is displayed as desired. We provide English and Russian localizations of the form by default. If additional languages are integrated into your platform, you need to translate the form texts and upload them alongside the default ones. Contact the Jelastic team to get the appropriate files and instructions.
Also, pay attention to the logo at the top of the form: it is the same as the one on the dashboard sign-in form and is taken from the JCA > System settings > jclient > HOSTER_LOGO parameter. If you are not satisfied with how it is displayed on the new form, you’ll have to customize it to suit both use cases. Alternatively, you can specify a separate logo to be used here by following this instruction.
In addition, check your custom signup forms (if there are any) and make sure the new registration workflow will not obstruct anything.
Enabling Activation
Once all the above-mentioned preconfigurations are completed, you can enable the activation protection by following these steps:
1. Navigate to the JCA > System Settings section, enable the Expert mode, and expand the common parameters group.
2. Find the signup.activation.enabled parameter and change its default false value to true.
From now on, all newly signed up users will be obliged to activate their accounts in order to prove they are real customers and complete the registration. In addition, you can specify one of the extra verification methods for new signups to be checked with: either mobile number or captcha account confirmation.
Mobile Number Verification
Mobile number verification is designed to prevent fake signups by limiting the number of trial accounts for a single user. If enabled, this option adds one more field to the activation form, where a user has to type a mobile phone number to get an SMS or a mobile call with an account activation code. One number can be bound to a single account only.
By default, the registration form is configured for SMS verification (the way it can be adjusted for confirmation via call is described in the above-linked doc on the OnVerify appliance).
So, after a user clicks the Send/Get a Call button under the specified phone number, the 4-cell field for entering the received verification code will appear below:
If the SMS/call wasn’t received, a user can either Edit the phone number (if it was specified incorrectly) or Contact support (if any other issue occurred). Also, the number of attempts to enter the verification code is limited per phone number and can be configured via JCA.
The users' experience during a new account creation with SMS/call verification enabled is described in the Account Registration document.
Enabling Mobile Phone Verification
So, in order to add mobile phone verification to the activation form, perform the following steps:
1. Navigate to the JCA > System Settings section, enable the Expert mode, and expand the common parameters group.
2. Double-click on the signup.verification.method quota and set it to the SMS value (used for both message and call verification; the default one is NONE).
In this way, all new users will be obliged to pass the check with an activation code received via their mobile phone number.
Setting the Number of Code Input Attempts
The limit of attempts to enter the received activation code is controlled by the signup.sms.code.attempts quota (located within the System Settings > common JCA section with the Expert mode enabled), whose default value is 5.
If a user exceeds the stated number of incorrect code input attempts, the verification fails. In this case, the only remaining way to complete the registration is to specify another phone number.
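The attempt limit described above, modeled as an added sketch (not Jelastic code; the class, method names and return strings are hypothetical). It assumes one decimal digit per cell of the 4-cell field and that requesting a new code for the same number does not reset the counter.

```python
import hmac
import secrets

CODE_LENGTH = 4        # assumption: one decimal digit per cell of the 4-cell field
DEFAULT_ATTEMPTS = 5   # default value of signup.sms.code.attempts per this page


class PhoneVerifier:
    """Hypothetical model of the per-number attempt limit (not Jelastic code)."""

    def __init__(self, max_attempts=DEFAULT_ATTEMPTS):
        self.max_attempts = max_attempts
        self.pending = {}  # phone -> [expected_code, failed_attempts]
        self.bound = {}    # phone -> account (one number per account)

    def send_code(self, phone):
        if phone in self.bound:
            raise ValueError("number already bound to an account")
        if phone in self.pending:
            # assumption: a re-request must not reset the failure counter
            raise ValueError("code already issued for this number")
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
        self.pending[phone] = [code, 0]
        return code  # returned only for the demo; really delivered by SMS/call

    def verify(self, phone, account, submitted):
        entry = self.pending.get(phone)
        if entry is None:
            return "no-code"
        if entry[1] >= self.max_attempts:
            return "failed"  # limit exhausted: only another number can be used
        # constant-time comparison so timing does not leak matching digits
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self.pending[phone]
            self.bound[phone] = account
            return "verified"
        entry[1] += 1
        return "failed" if entry[1] >= self.max_attempts else "retry"


def guess_probability(max_attempts=DEFAULT_ATTEMPTS, length=CODE_LENGTH):
    """Chance that blind guessing hits the code before the limit is reached."""
    return max_attempts / 10 ** length
```

Under these assumptions the default limit of 5 leaves a blind guesser a 0.05% chance per phone number, and every extra attempt allowed raises it linearly.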
API Signup Method Parameters
The signup workflow described above is supported by a number of dedicated parameters for the signup API method. Detailed information can be found in the Direct URL for Signup doc.
Captcha
One more protection option you can use in combination with obligatory account activation is captcha verification. This adds a special widget to the activation form, displaying a random combination of characters. The user has to retype them into the corresponding field in order to pass the security check.
Users' experience during a new account creation with captcha enabled is described in the Account Registration document.
Enabling Captcha
To add a captcha widget to the activation form, perform the following:
1. Navigate to the JCA > System Settings section, enable the Expert mode, and expand the common parameters group.
2. Find the signup.verification.method parameter and change its value to CAPTCHA (the default one is NONE).
From this point on, all new users will be required to pass the captcha verification in addition to the mandatory account activation.