Based on your customer IAM use cases, you can optionally offer users the opportunity to confirm the ownership of the email address associated with their accounts. This configuration is optional and can be configured on a per-local identity profile basis.
When enabled, PingFederate generates a notification message for email ownership verification as the user submits the registration request. The email-verification message is valid for a configurable amount of time, 24 hours by default. If the user cannot find the previously sent message, the user can request another one by accessing the email ownership verification endpoint. Moreover, if profile management is enabled, the profile management page displays a reminder until the user verifies the associated email address as well. Like other local identity fields, the email verification status is stored in the directory and can be relayed to the applicable target applications through IdP authentication policies.
Select the Enable Email Ownership Verification check
box if you want to offer users the opportunity to verify the email address
associated with their accounts.
This check box is not selected by default.Note:
The rest of the steps are applicable only if email ownership verification is enabled.
Select a field from the Email Address Field list.
The field value represents the recipient of the verification message.
Only fields that use the Email or Text input control are eligible and shown.
Select a field from the Ownership Status Field
The field value represents the email ownership verification status. PingFederate sets the value to
falsein the directory when it receives a new or an updated email address from the user. Once the user verifies the email ownership, PingFederate sets the value to
Only fields that use the Hidden input control are eligible and shown.
If you want to modify the longevity of the link in the email-verification
message, update the One-Time Link Lifetime field.
The default value is
1440in minutes (24 hours).
If you want to use different template files for various events, update the
applicable template fields.
These templates are only applicable when using an SMTP Notification Publisher instance to deliver email-verification messages.
Default template files are documented in the following table.
Template field Default value Email Template message-template-email-ownership-verification.html Sent Template local.identity.email.verification.sent.html Success Template local.identity.email.verification.success.html Error Template local.identity.email.verification.error.html
Note that the email template file is located in the <pf_install>/pingfederate/server/default/conf/template/mail-notifications directory while the rest can be found in the template directory.
Select a notification publisher instance from the list.
If you have not yet configured the desired notification publisher instance, click Manage Notification Publishers.