TBC
Self-Registration of users
If your app requires authentication, by default only existing users (users you have created) can access your app (e.g. a mediahub), and only if you grant them access to that app. You also have the option to let users self-register with an approval process (the self-registration plugin is required).
Your app settings must contain a section that defines the new-user process. You can define whether an application is required or whether newly registered users are automatically approved. You can also define certain origins that are automatically approved, e.g. an email domain like @admiralcloud.com or an IDP like Azure or SAML. The code example shows an app that requires an application unless you come from the IDP “Azure-MyCompany” or you have a company email address (from the @admiralcloud.com domain).
If an application is required, make sure you have defined users who handle (approve or reject) the application. Those users must have the IAM permission “user.informOnRegistration” for the resource “acrn:user:CUSTOMERID:CLIENTID”. If none is set, the registration process will return an error message telling you that no one is defined to handle the approval process.
"newUser": {
  "applicationRequired": true,
  "approvalMap": [
    {
      "origin": "idp:azure-myCompany",
      "reason": "Automatic approval/Login via Azure"
    },
    {
      "domain": "@admiralcloud.com",
      "reason": "Automatic approval because of email domain"
    }
  ]
}
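
As an added illustration (not AdmiralCloud's own code), the sketch below evaluates a registration against the newUser section above, including the error case when no approver is defined. The function names, the registration object and the exact, case-insensitive domain comparison are assumptions; the page does not document how matching is performed.

```javascript
// Added illustration, not AdmiralCloud code. Matching rules are assumptions.
const newUser = {
  applicationRequired: true,
  approvalMap: [
    { origin: 'idp:azure-myCompany', reason: 'Automatic approval/Login via Azure' },
    { domain: '@admiralcloud.com', reason: 'Automatic approval because of email domain' }
  ]
};

// Return the domain part of an address as "@domain", or null if malformed.
// Addresses with more than one "@" are rejected rather than guessed at.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at <= 0 || at !== email.indexOf('@') || at === email.length - 1) return null;
  return email.slice(at).toLowerCase();
}

// registration: { email, origin }. origin is assumed to come from the verified
// login flow, never from a client-supplied field.
// approverCount: number of users holding "user.informOnRegistration".
function decideRegistration(settings, registration, approverCount) {
  if (!settings.applicationRequired) {
    return { status: 'approved', reason: 'No application required' };
  }
  const domain = emailDomain(registration.email);
  for (const rule of settings.approvalMap || []) {
    const originHit = rule.origin !== undefined && rule.origin === registration.origin;
    // Compare the whole domain; a substring or prefix test would also accept
    // look-alike domains such as "@admiralcloud.com.example.org".
    const domainHit = rule.domain !== undefined && domain !== null &&
      rule.domain.toLowerCase() === domain;
    if (originHit || domainHit) return { status: 'approved', reason: rule.reason };
  }
  if (approverCount < 1) {
    return { status: 'error', reason: 'No user defined to handle the application' };
  }
  return { status: 'pending', reason: 'Application awaits approval' };
}
```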