By default, all ILLiad installations are set up with Basic ILLiad authentication. This type of authentication allows anyone with access to the registration pages to register him or herself, choose a username and password, and then use that username and password to login to the ILLiad web later. New customers are allowed to submit requests immediately after registering but are marked as "not cleared" in the staff interface. Staff can then review those users and disavow them if they are not allowed to use the system (which also cancels the users' requests) or clear them as valid users.
The Basic ILLiad authentication does not verify user information against any external system upon registration or login. Once a customer registers with ILLiad s/he is allowed to log in to the web interface until staff either blocks the user from submitting any further requests or disavows the user from the system. For Basic ILLiad authentication, the WebAuthType key in the Customization Manager should be set to ILLiad. This type of authentication allows users to reset their password via the ILLiad web interface by providing their usernames and receiving an email with a link to provide a new password. Stand-Alone Registration is allowed with Basic ILLiad Authentication.
For the User
- A first time user would get to the ILLiad login screen and click the First Time Users link.
- The user will fill out the New User Registration form (NewUserRegistration.html) and submit it.
- The user can then start immediately submitting requests.
For the Staff
- Several times a day, the staff user would select the Clear New Customers option from the Pre Processing menu in ILLiad. This will show a list of all newly registered users.
- After reviewing each one, they can click the Clear, Disavow, or Merge buttons. Each will send the user a note regarding their current ILLiad status. Disavow cancels all of their requests. Merge will allow you to merge two accounts together.
This is how ILLiad is configured to work upon completion of the installation. No changes are needed to the system to configure it for Basic ILLiad Authentication. All User information is stored in the ILLiad system.
Disabling User Registration for Basic ILLiad Authentication
As Basic ILLiad Authentication does not verify user information against any external system upon registration or login before creating the user's account, you may experience periods of bot-driven automatic account creation spam wherein bots use the user registration form to create a large number of accounts in a short period of time. To prevent spam, ILLiad can either be configured to use a captcha challenge requirement on the user registration forms (NewUserRegistration.html and LendingNewUserRegistration.html) or user registration can be completely disabled for accounts created through Basic ILLiad Authentication from the registration forms using the ILLiadAuthUserRegistrationEnabled customization key.