IDaaS CIAM supports account registration and logon using a username, email address, or phone number combined with a password. This document covers the registration flow, logon flow, and the security configurations available for account password authentication.
Prerequisites
Before you begin, ensure that you have:
An active IDaaS CIAM instance
Short Message Service (SMS) configured — IDaaS requires a verified phone number as one of the account identities, so configure the SMS gateway in IDaaS before enabling registration. Activate SMS through Cloud Communication and complete the configuration within 5 minutes
How it works
Account + password authentication is the most widely supported logon method. IDaaS CIAM lets users register and log on using any of the following account identifiers combined with a password:
| Identifier | Description |
|---|---|
| Username | A username chosen at registration |
| Email address | An email address |
| Phone number | A verified phone number (required by default) |
Registration flow
The registration flow is documented in the service invocation sequence diagram. For API documentation, contact the IDaaS product team.
Logon flow
The logon flow is documented separately. For API documentation, contact the IDaaS product team.
For UI design reference, see the account password registration/logon page design reference.
Security configurations
Brute-force attack protection
IDaaS generates a CAPTCHA challenge after 2 consecutive failed logon attempts within 3 minutes for the same account. This protection is enabled by default.
Required registration information
IDaaS CIAM accounts must include a phone number by default. A verified phone number is required during registration.
Two-factor authentication
For account password logon, IDaaS CIAM allows specified applications to enable two-factor authentication (2FA) using text message Captcha to verify user identity again, significantly improving access security.