google · google-oss-robot · Sep 29, 2020 · Sep 29, 2020 · Sep 29, 2020
@@ -9,6 +9,8 @@ This page includes helpful tips for configuring things in production.
 - [User administration](#user-administration)
 - [Rotating secrets](#rotating-secrets)
 - [SMS with Twilio](#sms-with-twilio)
+- [Identity Platform setup](#identity-platform-setup)
+- [Architecture](#architecture)
 
 <!-- /TOC -->
 
@@ -394,6 +396,16 @@ send SMS text messages. To get started:
 
 [gcp-kms]: https://cloud.google.com/kms
 
+## Identity Platform setup
+
+The verification server uses the Google Identity Platform for authorization.
+
+1. Visit the [Google Identity Platform MFA](https://console.cloud.google.com/customer-identity/mfa) page. Ensure the identity platform is enabled for your project and ensure 'Multi-factor-authorization' is toggled on. Here you may also register test phone numbers for development.
+
+2. Navigate to https://firebase.corp.google.com/u/0/project/{your project id}/authentication/emails to modify the email templates sent during password reset / verify email. Customize the link to your custom domain (if applicable) and direct it to '/login/manage-account' to use the custom password selection. You may also customize the text of the email if you wish.
+
+3. Visit [Google Identity Platform Settings](https://console.cloud.google.com/customer-identity/settings) and ensure that 'Enable create (sign-up)' and 'Enable delete' are unchecked. This system is intended to be invite-only and these flows are handled by administrators.
+
 ## Architecture
 
 ![diagram of layout](images/architecture/go-diagrams/diagram.png)
@@ -1,25 +1,16 @@
-# Code issuer user guide   
+# Code issuer user guide
 
 This is a high level guide that can be used as a basic for creating a user guide
 for an individual public health authority that is using the verification server.
 
 ## Account setup
 
-The first time you log in, you must set up your account. Start by clicking on `New User`.
-
-![new user](images/users/step01.png "click on 'New user'")
-
-Enter your email address and create a password. This will only work if your administrator
-has previously enabled an account for your email address.
+An administrator of your realm must invite you to join.
+Expect to receive an email for new account / password reset.
+This will provide a link to set up your account password.
 
 ![new user](images/users/step02.png "Create a password")
 
-Click the 'Send verification email' button and go check your email.
-
-![new user](images/users/step03.png "verify email")
-
-After clicking the link you received in your inbox, come back to this screen and click the `continue` link.
-
 ### Second factor authentication
 
 On your next login, you will be given the option to enroll a second factor for authentication (SMS sent to your personal mobile phone). It is highly recommended to enroll the second factor.
@@ -36,7 +27,7 @@ To issue a verification code
 
     * Both of these dates are optional, but should be entered if they are known.
 
-3. __optional__: Enter the patient's phone number. If entered, this will send them an SMS with the verification code. 
+3. __optional__: Enter the patient's phone number. If entered, this will send them an SMS with the verification code.
 
     * _If this functionality is not available in your area, the input field will not be shown._