User Invite Workflow
The User Invite Workflow in our platform ensures that only eligible users can join via an invitation link. This controlled approach prevents unauthorized access by limiting sign-ups to invites only.
Overview
There are two main components of the User Invite Workflow:
- Invitation Process: Sending an invite link to a user's email, initiating their signup process.
- Access Control: Users can only access the platform through an invitation link, with no public signup available.
Key Points
- Restricted Signup: There is no public signup page; users can only sign up via an invite link.
- Invitation Sources:
  - Project Page: Admins can invite users specifically to a project.
  - Team Page: Users can be invited by selecting multiple projects under a team.
Workflow Steps
Invitation Process
- Initiate Invite:
  - Project Page: Only admin users can invite users to specific projects.
  - Team Page: Users can be invited to multiple projects within a team.
- Validations:
  - Email Domain Validation: The domain of the invited email must match the allowed domains of the organization.
    Example: If "jon.doe@gmail.com" is invited to the organization "Nepal," "gmail.com" must be listed in "Nepal’s" allowed domains.
  - Inviter Permissions Validation:
    - Admin: Can invite users to any organization.
    - Non-Admin: Can only invite users within their own organization, provided they have the "Invite Permission".
  - Existing User Check:
    - If the email exists in another organization, the invite is blocked.
    - If the email was previously invited, the system reinvites the user.
- Create Records:
  - A new entry is created in the vt_users table with an invited status.
  - A new entry is created in the vt_team_invites table, storing:
    - JSON list of all projects the user is invited to.
    - Team ID where the invite originates.
- Event Emission:
  - UserInvitedEvent is emitted for a new invite.
  - UserProjectAddedEvent is emitted if the user is being reinvited.
- Email Notification: An invitation email with a signup link is sent to the invited user.
Invitation Process Diagram
flowchart TD
A([Start Invitation]) --> B{Is Email Domain Allowed?}
B -->|No| F([Fail: Domain Not Allowed])
B -->|Yes| C{Does Inviter Have Invite Permission?}
C -->|No| G([Fail: No Invite Permission])
C -->|Yes| D{Does Inviter’s Org Match Invited Org or Is Admin?}
D -->|No| H([Fail: Org Mismatch])
D -->|Yes| E([Send Invitation to User])
E --> I([End Process])
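
The validation order in the diagram, together with the existing-user check from the Validations step, can be expressed as one decision function. This is an added example, not the platform's own code: the `Decision`, `Inviter`, `email_domain` and `decide_invite` names, the dictionary inputs, and the placement of the existing-user check after the permission checks are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Decision(Enum):
    SEND_INVITE = "send invitation"
    REINVITE = "reinvite existing invitee"
    DOMAIN_NOT_ALLOWED = "fail: domain not allowed"
    NO_INVITE_PERMISSION = "fail: no invite permission"
    ORG_MISMATCH = "fail: org mismatch"
    EXISTS_IN_OTHER_ORG = "fail: email belongs to another organization"

@dataclass
class Inviter:  # hypothetical model of the inviting user
    org: str
    is_admin: bool = False
    has_invite_permission: bool = False

def email_domain(email: str) -> Optional[str]:
    """Return the lower-cased domain, or None for a malformed address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    return domain.lower().rstrip(".")

def decide_invite(inviter, email, target_org, allowed_domains, known_users):
    """allowed_domains: org -> domains; known_users: lower-cased email -> org."""
    allowed = {d.lower() for d in allowed_domains.get(target_org, ())}
    # Exact match only: a suffix or substring test would accept
    # "evilgmail.com" or "gmail.com.example.net" for an allowed "gmail.com".
    if email_domain(email) not in allowed:
        return Decision.DOMAIN_NOT_ALLOWED
    # Assumption: admins need no separate "Invite Permission".
    if not (inviter.is_admin or inviter.has_invite_permission):
        return Decision.NO_INVITE_PERMISSION
    if not inviter.is_admin and inviter.org != target_org:
        return Decision.ORG_MISMATCH
    # Assumption: the existing-user check runs after the permission checks.
    existing_org = known_users.get(email.strip().lower())
    if existing_org is None:
        return Decision.SEND_INVITE
    if existing_org != target_org:
        return Decision.EXISTS_IN_OTHER_ORG
    return Decision.REINVITE

# Constructed sample data mirroring the page's "Nepal" / "gmail.com" example.
ALLOWED_DOMAINS = {"Nepal": ["gmail.com"]}
KNOWN_USERS = {"old.user@gmail.com": "Nepal", "taken@gmail.com": "OtherOrg"}
```

The same function should run again at signup time against the email submitted in the form, so that a link issued for one address cannot be redeemed with another.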
Signup Process
The Signup Process ensures that invited users can create an account on the platform securely and gain access to the appropriate resources. This process is triggered exclusively via an invitation link.
Once a user receives an invitation, they can initiate the signup process through a unique link. This link directs the user to the platform's signup page, where they complete their account registration by filling out required information.
Process Steps
- Invitation Link:
  - The invited user receives an email with a unique invitation link.
  - By clicking the link, the user is directed to the platform's signup page.
- Account Creation Form:
  - The user fills out a form with necessary information, including a secure password.
  - Upon submitting the form, the signup process progresses to initiate backend workflows.
- UserRegistrationWorkflow Execution:
  The UserRegistrationWorkflow workflow, managed in Temporal, is invoked to handle the signup tasks. This workflow performs several important steps:
  - Email Validation: Ensures the provided email matches the invitation and is valid for the platform.
  - User Details Update: Updates the user details with the information provided during signup.
  - Auth0 User Creation: Creates the user account in Auth0 using the Auth0 SDK for secure authentication.
  - Project Assignment: Adds the user to the assigned projects as specified in the initial invitation.
  - API Key Creation: Generates an API key for the user in Kong for secure API access.