5.5. End User Self Service#

This section describes the End User Self Service that allows users to manage their contact information, reset their password, register for and remove their user account from Nubus without administrator interaction.

For information about setting a user password policy, see User password management.

See also

Customization of self-service emails

in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [4] for information about customization of emails sent by the End User Self Service.

User self services

in Univention Corporate Server - Manual for users and administrators [2] for information about customization of the End User Self Service in a UCS appliance environment.

5.5.1. Change user password through the Portal#

Every signed-in user can change their own password through the Portal. For instructions, see Portal in User password management.

5.5.2. Password management in the End User Self Service#

The End User Self Service is a separate web application. Users find the same modules in the Portal at User menu ‣ User settings. It offers the following modules:

  • My Profile

  • Protect your account

  • Change your password

Alternatively, you can reach the End User Self Service directly through the endpoint /univention/selfservice/.

5.5.3. Contact information#

Users can save additional personal data at the user account object in the Directory Service. The personal data can include the following information:

  • Profile picture

  • Contact information, such as a private address

By default, only administrators can modify user contact information. With the End User Self Service you can enable end users to manage selected account attributes themselves. Fig. 5.6 shows how editing the user profile data looks like.

User profile through the *End User Self Service*

Fig. 5.6 User profile through the End User Self Service#

5.5.4. Self registration#

The End User Self Service allows users to register themselves. The registration creates a user account that the user must verify through email.

The user workflow for the self registration is the following:

  1. User creates their account in the Create an account dialog, see Fig. 5.7.

  2. The End User Self Service sends an email for account verification to the provided email address.

  3. The user opens the page to verify the account using the URL from the invitation email. See Verification email.

  4. The user verifies the account using the token from the invitation email. See Account verification.

User accounts that users created through the End User Self Service have the RegisteredThroughSelfService attribute set to the value TRUE and the PasswordRecoveryEmailVerified attribute set to the value FALSE. After the user has verified their email address and completed the registration procedure, the PasswordRecoveryEmailVerified has the value TRUE.

Fig. 5.7 shows the Create an account dialog during self registration.

Account registration

Fig. 5.7 Account registration#

5.5.4.1. Verification email#

After a user clicked Create account in Self registration, the End User Self Service shows a message similar to Fig. 5.8 that it sent an email for Account verification.

Sending the verification email

Fig. 5.8 Sending the verification email#

5.5.4.2. Account verification#

After the user follows the link in the account verification email, the End User Self Service shows Account verification page similar to Fig. 5.9. It contains the username and the token from the verification email.

Account verification

Fig. 5.9 Account verification#

If the user clicks Verify Account, the End User Self Service confirms with an account verification message similar to Fig. 5.10.

Account verification message

Fig. 5.10 Account verification message#

5.5.5. Self deregistration#

The End User Self Service allows users to request the deletion of their user account.

If a user has requested to delete their user account, Nubus deactivates the user account and doesn’t delete it directly. In addition, it sets the DeregisteredThroughSelfService attribute of the user object to the value TRUE and the DeregistrationTimestamp attribute of the user account to the current time in the GeneralizedTime LDAP syntax. If the user account has the PasswordRecoveryEmail attribute set with an email address, the End User Self Service sends a notification email.