By default, all Aeon installations are set up with Standard Aeon authentication. This type of authentication allows anyone with access to the registration pages to register him or herself, choose a username and password, and then use that username and password to login to the Aeon web later.
New customers are allowed to submit requests immediately after registering but are marked as "not cleared" in the staff interface. Staff can then review those users and disavow them if they are not allowed to use the system (which also cancels the users' requests) or clear them as valid users. The Standard Aeon authentication does not verify user information against any external system upon registration or login. Once a customer registers with Aeon s/he is allowed to login to the web interface until staff either blocks the user from submitting any further requests or disavows the user from the system.
For Standard Aeon authentication, the WebAuthType key in the Customization Manager and should be set to Aeon. This type of authentication allows users to reset their password via the Aeon web interface by providing their usernames and receiving an email with a link to provide a new password. Setting the WebAuthType to Aeon sets the Users.AuthType value to Aeon. All other authentication types set this value to Default.
Basic Standard Authentication Process
For the User
- A first time user would get to the Aeon logon screen and click the First Time Users link.
- User will fill out the New User Registration form (FirstTime.html) and submit it.
- User can then start immediately submitting requests.
For the Staff
- Several times a day, the staff user would check the Users Waiting to be Cleared panel from the Home page menu in Aeon. This will show a list of all newly registered users.
- After reviewing each one, they can click the Clear, Block, Disavow, or Merge User buttons. Each will send the user a note regarding their current Aeon status. Disavow cancels all of their requests. Merge will allow you to merge two accounts together.
This is how Aeon is configured to work upon completion of the installation. No changes are needed to the system to configure it for Standard Authentication. All User information is stored in the Aeon system.
Disabling User Registration for Standard Aeon Authentication
As standard Aeon authentication does not verify user information against any external system upon registration or login before creating the user's account, you may experience periods of bot-driven automatic account creation spam wherein bots use the user registration form to create a large number of accounts in a short period of time. To prevent spam, Aeon can either be configured to use a captcha challenge requirement on the user registration form (NewUserRegistration.html) or user registration can be completely disabled for accounts created through standard Aeon authentication from the registration form using the AeonAuthUserRegistrationEnabled customization key.