Secure app without front-end user registration

I am working on extranet for my transportation company, and I am wondering if it is possible to make my app secure without front-end user registration?

As in I want to have an admin user(s) at initial creation of the app, but no one can register for app access, user registration can only be done by an authorized admin.

To be a little more clear, when i go to make the app live, can I have a preset admin, so that once the app is live, the admin can login, go to the secure user add page to add a new user/employee?

If this is not possible, can user registration be obtain with a security key/passphrase of sort. The employee goes to the registration page, puts in their email/password, and then the security key/passphrase that gets validated before the user gets registered. If the security key doesnt match they are denied registration?

1 Like

Yes. You can make the secure user add page accessible only to admins by doing these things:

  1. Put everything in the secure user add page in a group, and make that group only visible to user of type admin (Current user’s admin = yes, or something like that)
  2. Add a workflow to that page that navigates away from that page to the index or some other page if Current user’s admin = no
  3. You can generate a random code that can be sent by email (either to an admin or to an authorized user) and you can in the workflow use a “Do when” to only allow signing up the new user if the code matches. You can store the code in the DB, and you can search the forum to see how to do this.

Now one thing is that if someone really wanted to hack this setup, I think they might be able to find a work around, so you may want to think about all the ways in which these steps may be broken.

2 Likes

What is the trick for the workflow for the page. Please forgive I am new to bubble. I did notice the workflow for the page when it is loaded, but haven’t figured out the best options of what’s there. I do get that I will have to some how have to make the initial reference to determine if the user is logged in, and then from there determine if they have the proper persmissions.