5.1 Register with Password

The registerEmployeeWithPassword function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, for subsequent authentication requests from this app using the given password, and initializes this employee's access to Bayun. The function takes the following parameters :

Let's say the user is registering an employee account with the app using their login-id of username@bayunsystems.com.

• sessionId : Unique sessionId.

  You can provide a unique sessionId to the registerEmployeeWithPassword function call. If an empty sessionId i.e " " is provided, Bayun creates and returns a unique sessionId in the successful registration response in successCallback.

  Same sessionId should be provided in all the subsequent calls to the Bayun APIs as an argument.

• companyName : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g. bayunsystems.com. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g. username@customdomain.com registering on a tenant with domain bayunsystems.com as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain of “gmail.com”). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter.

• companyEmployeeId : EmployeeId unique within the company, e.g. username@bayunsystems.com. While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above.

• password : Password of the employee. Used to keep employee secret keys protected. Never stored or transmitted by BayunSDK in clear. If the developer wishes, it can be a cryptographic hash of the password instead of the cleartext password itself. Bayun just needs a unique secret known to the employee only, or something unique generated from it, for keeping the employee lockboxes protected in such a way that nobody other than the employee has access to it (similar to how iPhone does it with user’s device PIN).

• authorizeEmployeeCallback : Block to be executed if employee public key authorization is pending, returns employeePublicKey.

• successCallback : Success block to be executed after successful employee registration.

• failureCallback : Failure block to be executed if employee registration fails, returns BayunError.

First account of the Company registered with Bayun is the Security Admin account.

Sample Code

JavaScript

const sessionId = "<sessionId>";
const companyName = "bayunsystems.com"; // company portion from loginId
const companyEmployeeId = "username";  // username portion from loginId
const password = "<employeePassword>"; 

const successCallback = data => {
    //Employee Registered Successfully
    //Login to continue.
};

const failureCallback = error => {
  console.error(error);
};

const authorizeEmployeeCallback = (data) => {
  if (data.sessionId) {
    if (data.authenticationResponse == BayunCore.AuthenticateResponse.AUTHORIZATION_PENDING) {
      // You can get employeePublicKey in data.employeePublicKey for it's authorization
    }
  }
};

bayunCore.registerEmployeeWithPassword(
      sessionId
      companyName,
      companyEmployeeId,
      password,
      authorizeEmployeeCallback,
      successCallback,
      failureCallback  
);