The Registration Manager is an infrastructure component for creating and managing user accounts. In case of lost login data, passwords can be generated and sent by email.
When requesting the user name for an email address, the user directly receives an email with their user name. When requesting a new login password for an email address, the user receives an email with a confirmation link (with limited validity), after which a new login password is generated and sent to the user by email.
ID card data can be read out via the ident interface. This data can then be used by the calling application to create/update a user account or to authenticate a user.
There are dependencies on the following applications and services: proNEXT IdP, User Manager and, for eID, an eID client comparable to the AusweisApp2.
The Registration Manager must be secured via TLS. This TLS certificate is 'interleaved' with the eID authorization certificate, which means: if the TLS certificate is replaced, the eID authorization certificate must also be reapplied for or updated at the eID server operator (Governikus).
In addition to TLS, communication between the Registration Manager, the AusweisApp2 and the autent server is secured by encryption and signature of the content data (SAML protocol). This ensures not only data integrity but also the authorization of the services.
The data read from the ID card is signed and stored in encrypted form in a . Only the service that initiated the readout process is then able to decrypt the data after retrieving it from the Registration Manager. If, in a second step, a new user data record is to be created in the User Manager with this read out ident data or an existing data record is to be supplemented with it, the decrypted content signed by the Registration Manager must in turn be transferred to the Registration Manager. This ensures that the data actually originates from an ID card and is unchanged.
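The integrity check in the second step can be sketched as follows. This is an added example, not the Registration Manager's own code: it uses an HMAC with a constructed key as a stand-in for the signature (the page does not name the algorithm), leaves out the encryption step, and the names `seal_ident` and `accept_ident` are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key; in this sketch only the Registration Manager holds it.
RM_KEY = b"constructed-demo-key"

# Constructed sample of read-out ident data.
SAMPLE_IDENT = {"givenName": "Erika", "familyName": "Mustermann", "dateOfBirth": "1964-08-12"}


def _tag(payload: bytes, key: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def seal_ident(ident: dict, key: bytes = RM_KEY) -> dict:
    """Step 1 (Registration Manager): serialise the read-out data once and sign those bytes."""
    payload = json.dumps(ident, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return {"payload": payload.decode("utf-8"), "sig": _tag(payload, key)}


def accept_ident(sealed: dict, key: bytes = RM_KEY) -> dict:
    """Step 2 (Registration Manager): verify the returned content before using it."""
    payload = str(sealed.get("payload", "")).encode("utf-8")
    presented = str(sealed.get("sig", "")).encode("utf-8")
    # Verify the exact bytes received; parse only after the check succeeds.
    if not hmac.compare_digest(_tag(payload, key).encode("ascii"), presented):
        raise ValueError("ident data rejected: signature does not match content")
    return json.loads(payload)


if __name__ == "__main__":
    sealed = seal_ident(SAMPLE_IDENT)
    print("accepted:", accept_ident(sealed))
    # A calling service that alters a field after decryption is rejected.
    forged = dict(sealed, payload=sealed["payload"].replace("Erika", "Erik"))
    try:
        accept_ident(forged)
    except ValueError as err:
        print("rejected:", err)
```

Verifying the received bytes rather than a re-serialised copy avoids accepting content whose parsed form differs from what was signed.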
Some REST interfaces of the Registration Manager require a valid ID token issued by the IdP for authentication.