Codes and links
These codes and links are generated specifically for each user and have different functions:
Here is the list of existing codes / links and their roles:
Activation codes and links when creating an account
Activation codes and links to add tools to an existing user
Activation code for account restoration (Reset)
Codes and links to unlock a tool, reset PIN codes or password
Links received by email with the "returning" option / reactivation by my account
General remarks
For security reasons, links and codes are for single use only
Links and activation codes are essential, they are generated for a specific identity and therefore must be distributed to the right person. TrustBuilder MFA offers, as standard, the distribution of these activation links to users by e-mail. There are also more secure communication channels depending on your needs.
For security reasons, codes and links have different lifetimes, depending on the case and your needs.
An expired code or link is no longer usable
Generating a new code or link deletes the previous one, only the last code or link generated is valid
Activation codes and links when creating an account (loginCreate operation)
Types of codes
Short activation code (Immediate) - when creating a new user - lasts 15 minutes and is intended for use by a live user (e.g. phone)
Very long activation code (inactive) - Available in IWDS / API - lasts 21 days
Long activation link when creating a user (indicated or sent by email)
The activation link lasts 21 days
Type of action | Scenario | Lifetime | Code size |
|---|---|---|---|
Creation of a user account with a short code (Console or IWDS / API) | In the console: An activation code for immediate use | Short, 15 mn (default duration) | 9 char |
Creation of a user account with an "inactive" activation code (it will become active later, thanks to loginActivateCode) | IWDS | Very long, 21 Days (default duration) | 9 char |
Creation of an activation link with / without sending by email (Console / IWDS / API) | In the console, indicate an email in the user profile during creation with / without Check the option send by email | Very long, 21 Days (default duration) | 20 char |
On expiration
If an account creation activation code or link has exceeded its validity period, the user will automatically switch to expired status. The link or activation code generated when creating a user is unique and results in the automatic expiration of the associated account.
The user account goes to the expired state (reset or deletion required)
If expired, the link or code becomes unusable and causes an error "Cannot activate the TrustBuilder authentication service." This link is not or no longer valid »
To be noted
When an account is pending activation, the link or activation code generated when creating this user appears on the new user profile of the my account console. This is the only (unique) activation item for this account and will be available to administrators until the user completes their "Status: Pending" activation.
Once an account has been activated, the following add tools, unlock codes and links will no longer be displayed on the user's profile.
API call and “My Account” console
"Add a new user" function in the console
The creation of an account by the API (generating a code or an activation link) is available in the documentation by calling "loginCreate" User Management with SOAP API | UserManagementwithSOAPAPI-loginCreate
Different types of code will be generated according to the "codetype" parameter indicated in the "loginCreate" call
The API call "loginSendByMail" must be used immediately to send this code by email to the selected user
Activation codes and links to add tools to an existing user (Connection Add device operation)
Types of codes
Short activation code (Immediate) - for adding a new tool - lasts 15 minutes and is intended for use by a live user (e.g. phone)
The long activation link (Adding a new short tool) lasts 2 days to add a new tool to an existing user (Direct or sent by email)
Type of action | Scenario | Lifetime | Code size |
|---|---|---|---|
Adding a new tool with a short code (Console or API) | In the console: An activation code for immediate use | Short, 15 mn (default duration | 9 char |
Addition of a new tool with a Long Code (Console or API) with or without sending by email | In the console, | Long, 2 Days (default duration) | 20 char |
On expiration
No impact on target account
In case of expiration, the link or the code becomes unusable and causes an error "Unable to activate the TrustBuilder authentication service. This link is not or no longer valid"
To be noted
Once an activation link has been used in a browser, the user only has 15 minutes to activate it (duration of a short code). Beyond that, the user changes to the "expired" status
API call and “My Account” console
"Add a new device with ..." function in the console
The addition of a new tool by the API (generating a code or an activation link) is available in the documentation by the call "loginAddDevice" User Management with SOAP API | UserManagementwithSOAPAPI-loginAddDevice
Different types of code will be generated according to the "codetype" parameter indicated in the call (see "loginCreate" above)
The API call "loginSendByMail" must be used immediately to send this code by email to the selected user
Codes and links to unlock a tool, reset PIN codes or password
When to use it
Unblock codes or links can be used in the following cases:
Reset a user's PIN / password
If the user has forgotten the PIN / password,
In case of blocking (following n incorrect attempts) of the PIN code / password by the user
Unlock the tool by asking for the existing PIN / password
Blocking following erroneous exchanges made with the platform
Block unused tools for a period exceeding the maximum period of inactivity defined in the console (by default 180 days)
Types of codes
Short activation code (Immediate) - lasts 15 minutes and is intended for use by a live user (e.g. phone)
The unlock link has a lifespan of 2 days (Direct or sent by email)
Type of action | Scenario | Lifetime | Code size |
|---|---|---|---|
Unlock code | An unlock code with immediate use | Short, 15 mn (default duration | 9 char |
Direct or Mail unblocking link | In the console: "An unlock link sent by email" or "An unlock link with immediate use" | Long, 2 Days (default duration) | 20 char |
On expiration
No impact on target account
To be noted
An unlock code can only be used from a tool enrolled for that user
API call and "My Account" console
"Reset password with ..." function in the console (+ validation) display of the short activation code in "green" in the console
Resetting the API password (generating an unlock code or a link) is available in the documentation by calling "loginResetPwdExtended" User Management with SOAP API | UserManagementwithSOAPAPI-loginResetPwdExtended
The API call "loginSendByMail" must be used immediately to send this code by email to the selected user
Activation code for account restoration (Reset)
When to use it
A restore operation can take place in the following cases:
users whose status is "expired"
users blocked or having lost their 2 factors:
- Tool factor: no more tools registered / blocked
- Personal factor: PIN code / password blocked
Types of codes
Short activation code (Immediate) - lasts 15 minutes and is intended for use by a live user (e.g. phone)
Type of action | Scenario | Lifetime | Code size |
|---|---|---|---|
Account restoration (console or API) | Reset/Restore user | Short, 15 mn (default duration | 9 char |
On expiration
No impact on target account
In case of expiration, the link or the code becomes unusable and causes an error "Unable to activate the TrustBuilder authentication service. This link is not or no longer valid"
To be noted
A possible alternative to the restore operation is to delete and then recreate the user.
Once an activation link has been used in a browser, the user has only 15 minutes to activate it (duration of a short code).
Effect
When using this restore code
This will remove all tools, user PIN or password
The user will have to create a new password / PIN code (similar to the first user activation procedure)
this keeps its unique TrustBuilder login ID (same user)
this has no effect on the user account until this restore code is used to reset that user's account
API call and "My Account" console
the "Restore user" function of the console (+ validation) displays a short activation code in "green" in the "My Account" console
The restoration of the account by the API (generation of an activation code) is available in the documentation by calling "loginRestore" User Management with SOAP API | UserManagementwithSOAPAPI-loginRestore
Links received by email with the "returning" option / reactivation by "My Account"
Prerequisite
The option "Password recovery by email" must be activated in the "Parameters" tab of the "My Account" administration console (blocked by default)
When to use it
Users will be autonomous to regain access to their account
You must access the "My Account" self-care (http://myinwebo.com/welcome )
The user indicates his email address in the field "Activate TrustBuilder MFA in this browser:"
The user will receive an e-mail in his inbox containing an activation link for each service he can access through the self-care
Types of codes
The email contains long activation links with a lifespan of 2 days, to add a new tool to an existing user (sent by email)
Type of action | Scenario | Lifetime | Code size |
|---|---|---|---|
Mail indication in the "My Account" selfcare | Sending an activation email to the user | Long, 2 Days (default duration) | 20 char |
On expiration
No impact on target account
In case of expiration, the link or the code becomes unusable and causes an error "Unable to activate the TrustBuilder authentication service. This link is not or no longer valid"
To be noted
This option is blocked by default
We do not recommend activating the “returning” option for safety reasons
Once an activation link has been used in a browser, the user has only 15 minutes to activate it (duration of a short code).