Using Email Address as the Username

WSO2 products can be configured to authenticate users using their attributes. For example, you can use attributes such as email or mobile number to log in instead of logging in using the username. This topic provides instructions on how to set up WSO2 IoT Server to authenticate users using their email address.

Open the <IOTS_HOME>/conf/carbon.xml file.
Find and uncomment the EnableEmailUserName configuration to enable email authentication.
```
<EnableEmailUserName>true</EnableEmailUserName>
```
Open the <IOTS_HOME>/conf/identity/identity-mgt.properties file and set the following property to true to enable hashed usernames.

This step is required due to a known issue that prevents the confirmation codes from being removed after they are used, when email usernames are enabled. This occurs because the '@' character and some special characters are not allowed in the registry. To overcome this issue, enable hashed usernames when saving the confirmation codes by configuring the properties below.
```
UserInfoRecovery.UseHashedUserNames=true
```
Optionally, configure the following property to determine which hash algorithm to use.
```
UserInfoRecovery.UsernameHashAlg=SHA-1
```
Open the <IOTS_HOME>/conf/user-mgt.xml file and add the following property under the relevant user store manager tag. This property specifies the username validation that will be enforced when the EnableEmailUserName option is enabled, using regex (regular expression).

Tip: Theuser-mgt.xmlfile consists of configurations for the primary user store. To configure this for a secondary user store, modify the relevant user store configuration file found in the <IOTS_HOME>/deployment/server/userstoresdirectory instead.
Sample regex
```
<Property name="UsernameWithEmailJavaScriptRegEx">^[\S]{3,30}$</Property>
```

Configure the following parameters in the user-mgt.xml file under the relevant user store manager tag, depending on the type of user store you are connected to (LDAP/Active Directory/ JDBC).
For more information on how to configure a user store, see Configuring User Stores.

JDBC User Store

Note the following when configuring the user store manager:

The properties listed below are not available by default for the JDBCUserStoreManager. Therefore, if you are using a JDBC-based user store, you only need to replace the following property value under the user store tag. This property allows you to add special characters such as "@" in the username.
```
<Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
```
For any other type of user store, configure the properties listed below accordingly.

If the UsernameWithEmailJavaScriptRegEx property has a regular expression including the "@" symbol, it is not necessary to configure the UsernameJavaRegEx and UsernameJavaScriptRegEx properties. The priority order to configure username regular expression properties, are as follows:
1. UsernameJavaRegEx
2. UsernameWithEmailJavaScriptRegEx

Parameter	Description
`UserNameAttribute`	Set the mail attribute of the user. <Property name="UserNameAttribute">mail</Property>
`UserNameSearchFilter`	Use the mail attribute of the user instead of `cn` or `uid`. <Property name="UserNameSearchFilter">(&(objectClass=identityPerson)(mail=?))</Property>
`UserNameListFilter`	Use the mail attribute of the user. <Property name="UserNameListFilter">(&(objectClass=identityPerson)(mail=*))</Property>
`UserDNPattern`	This parameter is used to speed up the LDAP search operations. You can comment out this config. <!--Property name="UserDNPattern">cn={0},ou=Users,dc=wso2,dc=com</Property-->
UsernameJavaScriptRegEx	Change this property under the relevant user store manager tag as follows. This property allows you to add special characters like "@" in the username. <Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
UsernameJavaRegEx	This is a regular expression to validate usernames. By default, strings have a length of 5 to 30. Only non-empty characters are allowed. You can provide ranges of alphabets, numbers and also ranges of ASCII values in the RegEx properties. <Property name="UsernameJavaRegEx">a-zA-Z0-9@._-{3,30}$</Property>
Realm configurations	The `AdminUser` username must use the email attribute of the admin user. <AdminUser> <UserName>admin@wso2.com</UserName> <Password>admin</Password> </AdminUser>

Try it out

To try out this scenario, create a new user with email address as the username and attempt to login to the WSO2 IoT Server device management application using the new user's credentials.

Start the WSO2 IoT Server and login to the device management console via https://localhost:9443/devicemgt.
Click Add under Users.
Enter the required user details and click Add User.
Use an email address as the username when creating the new user, as seen below.
Login to the management console via https://localhost:9443/carbon.
Click on List under Users and Roles on the Main tab, and then click Users.
The new user you created will be listed. Click Change Password to set a new password for the user.
Enter a new password and click Finish.
Access the device management console again and login using the new user's credentials:
- Username: kimwso2@gmail.com
- Password: kimwso2123
You have successfully configured using email address as the username, and logged in using an email address.