Configure the Settings

Set up how you want your users to sign up or sign in by configuring the Registration Manager settings. In Console, select Registration Manager and select a Registration Manager configuration which you have deployed in the previous step. Then, select the Settings tab. Read further to learn more about each setting.

Connect AWS Cognito

This section displays the App ID required for you to initially deploy the Registration Manager stack.

To adjust the Magic Link URL needed for passwordless registration, click 'Advanced'. This must be a page on your site where the user should be redirected after signing in/up.

Optionally, you may Enable Edit AWS Cognito Config to edit the details you have previously provided during the deployment process. Note that we do not recommend tinkering with these settings if you are not familiar with Cognito:

  • User Pool ID

  • Identity Pool ID

  • Client ID

  • Domain

  • S3 bucket name

  • Role ARN

  • Pinpoint App ID

  • Analytics Function ARN

  • Sync Function ARN

Social Login

When you set up social login, your users can register or log in to your sites with their Apple, Google, or Facebook accounts. Each social login provider requires certain steps in order to obtain the appropriate setup information.

Click on each application below to learn how to obtain the required identifiers.

Once you've obtained the required IDs, go to the Social Login section of the Registration Manager settings and enter the following for each application:

  • Sign up with Apple: Enter the services ID, team ID, key ID and a private key.

  • Sign up with Google: Enter the client ID and client secret.

  • Sign up with Facebook: Enter the client ID, client secret and choose an API version. We recommend choosing the latest possible API version, as each Facebook API has a lifecycle and deprecation date. Facebook scopes and attributes can vary between API versions. Test your social identity login with Facebook to ensure that federation works as intended.

  1. Create a developer account with Apple.

  2. Sign in with your Apple credentials.

  3. On the left navigation bar, select Certificates, IDs & Profiles.

  4. On the left navigation bar, select Identifiers.

  5. On the Identifiers page, click the + icon.

  6. On the Register a New Identifier page, select App IDs, and then click Continue.

  7. On the Register an App ID page, do the following:

    1. Under Description, type a description.

    2. Under App ID Prefix, type an identifier. Make a note of the value under App ID Prefix as you will need this value in the Console configuration.

    3. Under Capabilities, choose Sign In with Apple, and then click Edit.

    4. On the Sign in with Apple: App ID Configuration page, select the appropriate setting for your app, and then click Save.

    5. Click Continue.

  8. On the Confirm your App ID page, click Register.

  9. On the Identifiers page, hover over App IDs on the right side of the page, select Services IDs, and then click the + icon.

  10. On the Register a New Identifier page, select Services IDs, and then click Continue.

  11. On the Register a Services ID page, do the following:

    1. Under Description, type a description.

    2. Under Identifier, type an identifier. Make a note of this Services ID as you will need this value in the Console configuration.

    3. Select Sign In with Apple, and then choose Configure.

    4. On the Web Authentication Configuration page, choose a Primary App ID. Under Web Domain, type your user pool domain. Under Return URLs, type your user pool domain and include the /oauth2/idpresponse endpoint. For example:

      https://<your-user-pool-domain>/oauth2/idpresponse

    5. Click Add, and then Save. You do not need to verify the domain.

    6. Click Continue, and then click Register.

  12. On the left navigation bar, select Keys.

  13. On the Keys page, click the + icon.

  14. On the Register a New Key page, do the following:

    1. Under Key Name, enter a key name.

    2. Select Sign In with Apple, and then click Configure.

    3. On the Configure Key page, select a Primary App ID, and then click Save.

    4. Click Continue, and then click Register.

  15. On the Download Your Key page, download the private key and note the Key ID shown, and then click Done. You will need this private key and the Key ID value shown on this page in the Console configuration.

  1. Create a developer account with Google.

  2. Sign in with your Google credentials.

  3. Select CONFIGURE A PROJECT.

  4. Enter a project name, and then click NEXT.

  5. Enter your product name, and then click NEXT.

  6. Select Web browser from the Where are you calling from? drop-down list.

  7. Enter your user pool domain into the Authorized JavaScript origins field. For example:

    https://<your-user-pool-domain>

  8. Click CREATE. You will not use the Client ID and Client Secret from this step.

  9. Click DONE.

  10. Sign in to the Google Console.

  11. On the left navigation bar, select Credentials.

  12. Create your OAuth 2.0 credentials by selecting OAuth client ID from the Create credentials drop-down list.

  13. Select Web application.

  14. Enter your user pool domain into the Authorized JavaScript origins field. For example:

    https://<your-user-pool-domain>

  15. Enter your user pool domain with the /oauth2/idpresponse endpoint into the Authorized Redirect URIs field. For example:

    https://<your-user-pool-domain>/oauth2/idpresponse

  16. Click Create twice.

  17. Note the OAuth client ID and client secret. You will need them for the next section.

  18. Click OK.

  1. Create a developer account with Facebook.

  2. Sign in with your Facebook credentials.

  3. From the My Apps menu, select Create New App.

  4. Enter a name for your Facebook app and select Create App ID.

  5. On the left navigation bar, select Settings, and then select Basic.

  6. Note the App ID and the App Secret. You will use them in the next section.

  7. Click + Add Platform from the bottom of the page.

  8. Select Website.

  9. Under Website, enter a sign-in URL for your app client endpoint into Site URL. Your sign-in URL should be in the following format:

    https://your_user_pool_domain/login?response_type=code&client_id=your_app_client_id&redirect_uri=your_callback_url

  10. Click Save changes.

  11. For App Domains, enter your user pool domain. For example:

    https://your_user_pool_domain

  12. Click Save changes.

  13. From the navigation bar, select Products, and then Set up from Facebook Login.

  14. From the navigation bar, select Facebook Login and then Settings. Enter your redirect URL into Valid OAuth Redirect URIs. The redirect URL will consist of your user pool domain with the /oauth2/idpresponse endpoint. For example:

    https://your_user_pool_domain/oauth2/idpresponse

  15. Click Save changes.
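A mistyped origin or redirect URI is an easy way for federation to fail or to point at the wrong endpoint, so it is worth checking the values before pasting them into each provider's console. The following is an added example, not part of Registration Manager; the function names and the sample domain `auth.example.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

IDP_RESPONSE_PATH = "/oauth2/idpresponse"  # endpoint named in the steps above


def _base_problems(url, domain):
    """Checks shared by every URL entered at a provider (hypothetical helper)."""
    problems = []
    if " " in url:
        problems.append("contains whitespace")
    parts = urlsplit(url.replace(" ", ""))
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if (parts.hostname or "") != domain.lower():
        problems.append("host is not the user pool domain")
    if parts.fragment:
        problems.append("fragment not allowed")
    return parts, problems


def check_origin(url, domain):
    """Authorized JavaScript origin: scheme and host only."""
    parts, problems = _base_problems(url, domain)
    if parts.path not in ("", "/") or parts.query:
        problems.append("origin must not carry a path or query")
    return problems


def check_redirect_uri(url, domain):
    """Return URL / redirect URI: user pool domain plus /oauth2/idpresponse."""
    parts, problems = _base_problems(url, domain)
    if parts.path != IDP_RESPONSE_PATH:
        problems.append("path must be exactly " + IDP_RESPONSE_PATH)
    return problems


def check_facebook_site_url(url, domain):
    """Facebook Site URL: /login with response_type, client_id, redirect_uri."""
    parts, problems = _base_problems(url, domain)
    if parts.path != "/login":
        problems.append("path must be /login")
    query = parse_qs(parts.query)
    if query.get("response_type") != ["code"]:
        problems.append("response_type must be code")
    for name in ("client_id", "redirect_uri"):
        if not query.get(name):
            problems.append("missing " + name)
    return problems
```

Each function returns a list of problems; an empty list means the value matches the format shown in the steps.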

Sign In / Sign Up Options

To simplify the sign in and sign up flow, you can choose to use the passwordless flow. If you enable any of the options below, the Forgot password flow will automatically be disabled.

  • Passwordless login: When enabled, users only need to provide an email address to log in. After clicking the sign in button, the user will receive an email containing a Magic Link that signs them in when clicked.

  • Passwordless registration: When enabled, users only need to provide an email address to register. After clicking the sign up button, the user will receive an email containing a Magic Link to register to your site.

Note

The Magic Link sent to your users is only valid for 3 minutes.

Optionally, you can enter a URL in the "Passwordless link URL" field (must be a page on your site) where the user should be redirected after signing in via passwordless login. By default, users are redirected to your homepage.

Log Consent to PreferenceLink

PreferenceLink can be integrated with Registration Manager to keep a ledger of all consent transactions in Registration Manager. To integrate PreferenceLink with Registration Manager, you must provide an API key from the integration schema. To do this:

  1. Create a schema in PreferenceLink using the Registration Manager Schema template.

    1. In Console, go to PreferenceLink > Schemas and click New.

    2. Select the "Registration Manager Schema" template.

    3. Enter a name for the schema and click Save.

  2. Then, you must create an integration for the schema with Read and Write permission.

    1. Open the schema you just created, select the Configuration tab and click New.

    2. Enter an Integration name and under “Select API Access Options”, select both Read and Write.

    3. Click Save. Keep the provided API key.

  3. In the Registration Manager settings under "Log Consent to PreferenceLink", select the fields that should be passed and enter the API key you’ve just obtained.

Note

Email is a mandatory field as this is used as the identifying value for the consent transactions.

Authenticated Traffic Solution (ATS)

Select Enable ATS to generate an envelope using the email addresses provided in Registration Manager. From the dropdown, select the existing configuration ID you want to link it with.

Note

Only configurations tied to approved placements are visible here. To learn more, see Submit for Privacy Review.

Policies

This option allows you to set requirements for your users' passwords. The password policies are a crucial part of your user pool security, and we recommend enabling all of the requirements to create strong passwords for your users.

Your users are allowed to use the following in their passwords:

  • Uppercase and lowercase Basic Latin letters

  • Numbers

  • Special characters

You can specify the passwords to require the following:

  • A minimum length (you can adjust the length requirement, but it must be at least 6 characters and at most 99 characters)

  • Require numbers

  • Require a special character

  • Require uppercase Basic Latin letters

  • Require lowercase Basic Latin letters

Special characters supported: ^ $ * . [ ] { } ( ) ? " ! @ # % & / \ , > < ' : ; | _ ~ `
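To see what a given combination of requirements accepts before enabling it, the policy above can be modelled as a small checker. This is an added example, not Registration Manager or Cognito code; the function names are hypothetical, and flagging characters outside the listed sets is an assumption based on the lists on this page.

```python
import string

# Special characters exactly as listed on this page.
SPECIAL = set('^$*.[]{}()?"!@#%&/\\,><\':;|_~`')
# Everything the page says users may use in a password.
ALLOWED = set(string.ascii_letters) | set(string.digits) | SPECIAL


def make_policy(min_length=6, numbers=True, special=True, upper=True, lower=True):
    """Build a policy; the minimum length setting must lie between 6 and 99."""
    if not 6 <= min_length <= 99:
        raise ValueError("minimum length must be between 6 and 99")
    return {"min_length": min_length, "numbers": numbers,
            "special": special, "upper": upper, "lower": lower}


def violations(password, policy):
    """Return the requirements this password fails (empty list = accepted)."""
    found = []
    if len(password) < policy["min_length"]:
        found.append("shorter than minimum length")
    checks = [
        ("numbers", string.digits, "no number"),
        ("special", SPECIAL, "no special character"),
        ("upper", string.ascii_uppercase, "no uppercase letter"),
        ("lower", string.ascii_lowercase, "no lowercase letter"),
    ]
    for key, charset, message in checks:
        if policy[key] and not any(c in charset for c in password):
            found.append(message)
    # Assumption: anything outside the page's lists is reported, not counted.
    stray = sorted(set(password) - ALLOWED)
    if stray:
        found.append("characters outside the listed set: " + "".join(stray))
    return found


if __name__ == "__main__":
    strict = make_policy(min_length=12)
    weak = make_policy(numbers=False, special=False, upper=False, lower=False)
    # Constructed sample passwords, checked against both policies.
    for candidate in ("aaaaaa", "Passw0rd+", "Gr33n_Field!"):
        print(candidate, violations(candidate, strict), violations(candidate, weak))
```

With every requirement switched off, a password such as `aaaaaa` passes, which is why the recommendation above is to enable all of them.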

reCAPTCHA

reCAPTCHA is a free service that protects your site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart. To enable reCAPTCHA for Registration Manager, you must have a Secret key and Site key. The Site key is used to invoke reCAPTCHA service on your site or mobile application. The Secret key authorizes communication between your application backend and the reCAPTCHA server to verify the user's response.

Note

Registration Manager currently supports reCAPTCHA v3.

To obtain the Secret key and Site key:

  1. Sign up for reCAPTCHA. Make sure you select reCAPTCHA v3 and fill in the authorized domains or package names.

  2. Accept the terms of service and click Register. You will then receive a new API key pair consisting of a Secret key and Site key.

  3. In the Registration Manager settings, paste the Secret key and Site key in the relevant fields under reCAPTCHA.