- A user creates a new local user account
- A users comes in through SSO but has no email attribute
- A user updates his own email address
- Someone invites a guest via an email address
- ?
When a guest gets invited for the first time, we will create a user account for it. Most likely we will create the email2user mapping so people can keep sharing content with the guest whilst there's no user behind it yet
# Some scenarios to think about
- Jack shares confidential.content with
the.cio@academia.edu - This creates a mapping between the.cio@academia.edu but the link is still unverified
- Jack shares content2 with
the.cio@academia.edu- This adds content2 to the library of the existing guest user
- Alice (NOT THE CIO) signs in through SSO and no email attribute is released
- Because there's no email address available, we cannot create a user account
- Alice is asked to enter an email address and she fills in
the.cio@academia.edu - We can't link up the accounts just yet as otherwise Alice might get access to the confidential content
- To counter this, we send a "please verify your email" to
the.cio@academia.edu(with all the information to update the guest account)
- The CIO has no account (and hasn't been invited yet either)
- Alice signs in through SSO but no email attribute is released
- Because there's no email address available, we cannot create a user account
- Alice is asked to enter an email address and she fills in
the.cio@academia.edu - Even though there's no email present, we can't create the account as we cannot trust Alice
- We send a "please verify your email" to
the.cio@academia.edu(with all the information to create the user account in case Alice is the CIO)