Security

We have an Aruba installation in our organisation that has several user types created (staff/guest/conference).  The process for guest registering on the system requires them to provide an email address and phone number for sponsored access.  The current issue we have is that as soon as they have entered their information and submitted the form they are presented with their log-in credentials (receipt page) while they wait for the sponsor to approve them.

What we would prefer is that they are only provided with their log-in credentials AFTER the sponsor has approved them and to only receive them via their phone number or email address so that this can be used as a means of authenticating the information that they have provided links them with an individual.  This is so that we have a relationship between activity on that account with an individual that can be bypassed by the current workflow.

You may say that it is the sponsor's responsibility to confirm the person's identity but when you have 100s of guests entering the building every day this is not always easy.

Does anyone know a way to prevent the credentials being automatically sent through to the Guest after they have registered while they wait for the sponsor to approve them?  And at that point for the credentials to only be sent via email or SMS?  Thanks in advance

While they may have their credentials whilst waiting for sponsor approvel on the receipt page, their account is still disabled, so a login should not be possible, right?

What you can do is HIDE the receipt page:

{literal}
<style>
.nwaForm, #contentContainer {
display: none;
}
</style>
{/literal}

And redirect them to the login page:

<meta http-equiv="refresh" content="1;url=your_login_page_URL.php"/>

And add instructions informing them that they'll receive their credentials via email or SMS. Having said that, that's essentially what we're doing right now, just on the receipt page and not the login page -- the user won't receive their credentials until the sponsor approves.