4.1 Register with Password

The registerEmployeeWithPassword function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, for subsequent authentication requests from this app using the given password, and initializes this employee's access to Bayun.

Let's say the user is registering an employee account with the app using their login-id of username@bayunsystems.com.

• sessionId : Unique sessionId.

  You can provide a unique sessionId to the registerEmployeeWithPassword function call. If an empty sessionId i.e " " is provided, Bayun creates and returns a unique sessionId in the successful registration response in ShAuthenticateResponse.

  Same sessionId should be provided in all the subsequent calls to the Bayun APIs as an argument.

• companyName : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g. bayunsystems.com. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g. username@customdomain.com registering on a tenant with domain bayunsystems.com as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain of “gmail.com”). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter.

• companyEmployeeId : EmployeeId unique within the company, e.g. username@bayunsystems.com. While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above.

• password : Password of the employee. Used to keep employee secret keys protected. Never stored or transmitted by BayunSDK in clear. If the developer wishes, it can be a cryptographic hash of the password instead of the cleartext password itself. Bayun just needs a unique secret known to the employee only, or something unique generated from it, for keeping the employee lockboxes protected in such a way that nobody other than the employee has access to it (similar to how iPhone does it with user’s device PIN).

The registerEmployeeWithPassword function returns shared pointer to the classAuthenticateResponse i.e ShAuthenticateResponse.

Following are the possible values of BayunAuthResponseCode in ShAuthenticateResponse:

• Success : Authentication is successful.

• EmployeeAuthorizationPending : When BayunCore is inited with App Secret having only role Creation , EmployeeAuthorizationPendingis returned as BayunAuthResponseCode when a new employee is created. Employee Public Key data is returned as employeePublicKey. Check Authorize Employee for employee authorization.

First account of the Company registered with Bayun is the Security Admin account which has security administrative privileges.

Sample Code

C++

#include "BayunCore.h"

std::string sessionId = "<sessionId>"
std::string companyName = "bayunsystems.com"; // company portion from loginId
std::string companyEmployeeId = "username"; //username portion from loginId
std::string password = "<employeePassword>";

Bayun::ShAuthenticateResponse authResponse =
bayunCore->registerEmployeeWithPassword(sessionId, companyName, companyEmployeeId, password);
if (authResponse != nullptr) {
  std::string sessionId = authResponse->sessionId.c_str();
  Bayun::BayunAuthResponseCode responseCode = authResponse->responseCode;
  
  if (responseCode == Bayun::BayunAuthResponseCode::Success) {
    //perform Bayun Operations
  }  else if (responseCode == Bayun::BayunAuthResponseCode::EmployeeAuthorizationPending) {
    //EmployeeAuthorizationPending
  }
}