Accounts
🦺 Account Types
There are primarily two types (or groups) of users in the platform - Participants & Organizers.
👨💻️ Participants
Participants are users who are participating in the CTF. They represent individual users who might be participating either individually or as a member of a team.
Users without a team are considered individual participants.
Users without a role assigned to them are treated as participants of the CTF. They shall not have any access to the admin panel or sensitive APIs.
👨✈️ Organizers
Organizers are users from the organizing team who are responsible for managing the CTF. They are assigned a role and have access to the admin panel and for performing various other actions/activities on the platform.
Users with an active role assigned to them are treated as organizers of the CTF. They have access to the admin panel, and can perform actions based on the permissions available to their role.
Converting between participant and organizer
In the admin panel, while editing users, there is an option to set the role of the user. If the user previously did not have a role (registered as contestant), then assigning a role will automatically make the user an organizer. Similarly, removing the role will make the user a participant.
Challenge developers, organizing team volunteers and other important users should be made organizers by assigning them roles with appropriate permissions, so that they can help manage the CTF.
🔄 Resetting Password
If a user forgets their password, they can reset it by clicking on the "Forgot Password" link on the login page. They will be asked to enter their email address, and an OTP will be sent to their email address. The user will be asked to enter the OTP on the next page, and if the OTP is correct, they will be asked to enter a new password.
To support this feature, the platform requires an SMTP server to be configured. This can be configured
from Settings -> Advanced Settings -> Email
.
Further, the resetting password can be disabled/enabled by the organizers from
Settings -> Security & Privacy -> Password Policy
.
Organizers with permission to manage users can also reset (update) the password of other users from the admin panel on their behalf.
📨 Email Verification
The platform supports enforcing email verification for users who register on the platform. This can be enabled from
Settings -> Advanced -> Email Settings
.
When enabled, users will be asked to verify their email address during the registration process, and until they verify their email address using an OTP sent to their email address, registration will not be processed.
There is also a feature in the platform to restrict registrations by asking them to enter a join password (invitation code),
which can be enabled from Settings -> Advanced -> Registration Settings
.
For enterprise users, the platform supports SSO, which can be configured from Settings -> Security & Privacy -> SSO
.
Through this feature, users can be automatically logged in to the platform using their SSO credentials while those
without it can be restricted. Further, the platform also supports restricting authentication with SSO only -
Passwordless mode.
🪪 Custom Profile Fields
Organizers can configure custom profile fields for user accounts from the registration settings. These fields can be used to collect additional information from users, such as their affiliation with school / university / organization, gender, shirt size, phone number or other information that may be relevant to the event.
During registration the user would be asked to fill into the custom fields.The user can also edit the fields later through the manage account page. These fields are never shown in the user's profile page, and can be accessed only by the organizers through the manage users page or by exporting user data as CSV.