Depending on your customer IAM use cases, you can offer users the opportunity to confirm ownership of the email address associated with their accounts. This setting is optional and is configured per local identity profile.

When enabled, PingFederate generates a notification message for email ownership verification when the user submits the registration request. The email-verification message is valid for a configurable amount of time, 24 hours by default. If the user cannot find the previously sent message, the user can request another one by accessing the email ownership verification endpoint. In addition, if profile management is enabled, the profile management page displays a reminder until the user verifies the associated email address. Like other local identity fields, the email verification status is stored in the directory and can be relayed to the applicable target applications through IdP authentication policies.

  1. Select the Enable Email Ownership Verification check box if you want to offer users the opportunity to verify the email address associated with their accounts.
    This check box is not selected by default.
    Note: The rest of the steps are applicable only if email ownership verification is enabled.

  2. Select a field from the Email Address Field list.
    The field value represents the recipient of the verification message.

    Only fields that use the Email or Text input control are eligible and shown.

  3. Select a field from the Ownership Status Field list.
    The field value represents the email ownership verification status. PingFederate sets the value to false in the directory when it receives a new or an updated email address from the user. Once the user verifies the email ownership, PingFederate sets the value to true.

    Only fields that use the Hidden input control are eligible and shown.

  4. If you want to modify the longevity of the link in the email-verification message, update the One-Time Link Lifetime field.
    The default value is 1440 minutes (24 hours).
  5. Optional: If you want to use different template files for various events, update the applicable template fields.
    These templates are only applicable when using an SMTP Notification Publisher instance to deliver email-verification messages.

    Default template files are documented in the following table.

    | Template field   | Default value                                          |
    |------------------|--------------------------------------------------------|
    | Email Template   | message-template-email-ownership-verification.html     |
    | Sent Template    | local.identity.email.verification.sent.html            |
    | Success Template | local.identity.email.verification.success.html         |
    | Error Template   | local.identity.email.verification.error.html           |

    Note that the email template file is located in the <pf_install>/pingfederate/server/default/conf/template/mail-notifications directory while the rest can be found in the template directory.

  6. Select a notification publisher instance from the list.
    If you have not yet configured the desired notification publisher instance, click Manage Notification Publishers.
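
The status and link-lifetime rules from steps 3 and 4 can be modelled in a few lines. This is an added sketch, not PingFederate code: the `Account` class, its method names, the token format, storing only a token hash, single use, and replacing the old link on a new request are all assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

LINK_LIFETIME_MINUTES = 1440  # default One-Time Link Lifetime (step 4)


class Account:
    """Hypothetical local identity record; names are illustrative only."""

    def __init__(self, email):
        self.email = email
        self.email_verified = False  # Ownership Status Field starts false
        self._pending = None         # (token digest, expiry) of the live link

    def issue_link(self, now):
        # Assumption: only a hash of the token is kept, and requesting a new
        # message replaces the previous link.
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending = (digest, now + timedelta(minutes=LINK_LIFETIME_MINUTES))
        return token

    def set_email(self, email, now):
        # Step 3: a new or updated address resets the status to false.
        # Reissuing the link also makes a link mailed to the old address useless.
        self.email = email
        self.email_verified = False
        return self.issue_link(now)

    def verify(self, token, now):
        if self._pending is None:
            return False
        digest, expires = self._pending
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not secrets.compare_digest(presented, digest) or now >= expires:
            return False
        self.email_verified = True  # step 3: status becomes true
        self._pending = None        # assumption: the link works once
        return True


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample time
    acct = Account("user@example.com")
    link = acct.issue_link(t0)
    print(acct.verify(link, t0 + timedelta(minutes=1441)))  # expired link
    print(acct.verify(link, t0 + timedelta(minutes=10)))    # valid link
```

A target application that receives the relayed status should treat anything other than an explicit true value as unverified.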