Activation Keys
Upon new person creation or authorized reset request, credentials are assigned and an activation key to set up these credentials is generated. For example, a Kerberos principal is allocated/created but no password is set on it. The activation key can then be used to select the initial password.
To be used by the end user, the activation key must be transmitted to the end user in one of the following manners, according to the local configuration and with appropriate local agreements in place:
- SMS to registered cell phone
- Email to registered address
- Displayed in Web UI
- Returned over REST interface
The delivery method is recorded for LoA calculation. The activation key is valid for a limited time, by configuration (eg: 48 hours).