Who can sign up to be a user?

Under Access Control you find all settings regarding who can register to use your schedule(s) and what the registration process will look like. This includes which steps a new user should complete when signing up and which information they should provide in the process.

The Access Control page settings allow you to define all aspects of the registration process:

Control access to your schedule by defining who can register
Collect user data upon registration
Configure whether confirmation and verification is required
Enable other settings with regard to the access of your schedule

It is also possible to allow people to book appointments without registering. In that case you do not need the settings on this page, and you can move on to the next section. Note that certain features, such as tracking booking history, will be unavailable unless users register.

Who can register?

There are six options to control access to your schedule(s), ranging from open to very restrictive. Each option offers a different level of security and flexibility, allowing you to choose the one that best suits your needs. Here is a breakdown of these options:

Anyone can sign up: the easiest and most user-friendly way to manage access to your schedule is to allow anyone who can find it to register as a user. This option is ideal if you use your schedule for commercial purposes.
Shared password: only users who know the shared password can log in. Although this option helps prevent random visitors to your schedule from gaining access, there is no way to block access for a particular user once they know the shared password.
Specific IP address: IP filtering is only suitable if all potential users access the internet through a single gateway, i.e. all employees of a company. Once a user has created a login name while inside the IP range, they can also use it while outside the IP range. Under User Management it is possible to manually add users outside the IP range.
Specific email domain: this is suitable for organizations, who have their own email domain. Upon creating a login name, new users receive an email with a verification link that they need to click. Under User Management, users with different email addresses can be added manually.
Specific users: instead of having users create their own login names and passwords, this option lets the administrator (or superuser) do this. This can be done either manually via User Management or from a CSV file via Import.
Registration managed on your site: if you already let your users register and login on your own website, it would be possible to set up a so-called single sign-on and automatically log them in at SuperSaaS as well. This avoids the need for your users to log in twice. If your website is based on Drupal, Joomla!, Wix or WordPress, our free plugins help you set this up. Otherwise, an interface to your back-end systems would need to be custom-built using the documentation for programmers.

SuperSaaS by default prevents search engines such as Google from indexing your schedule. However, there is still a small chance that spammers find your schedule and try to misuse it to spread their ‘message’. Requiring registration helps prevent most of these issues. For even greater protection, you can use registration confirmation and verification to block all but the most persistent spammers.

Collecting user details upon registration

Upon registration, you can collect additional information from users. Besides the typical login name and password, you can ask for further information such as users’ contact details. Two additional text fields are available to collect any remaining information you might need.

By default, SuperSaaS sets the user’s email address as their login name. If you do not intend to use any form of registration, you should uncheck as this allows you to more easily collect email addresses upon booking.

When setting up your sign-up form, you can categorize each information field as Required, Optional, or Don’t Ask. By assigning a category to each field, you control which information is collected during user registration. Here’s what each category means:

Required: users must complete this field to proceed with the registration process. Leaving it empty will prevent them from continuing.
Optional: users can choose whether to fill in this field. It can be left blank without affecting the registration process.
Don’t ask: this field will not appear on the sign-up form at all.

Note that even the Password field can be switched off. Doing so will remove the password field from the login dialog for your schedule.

Users can change this information later on by clicking on the Your settings link in the upper-right corner of the screen. This link will only show when users are logged in. You can also block users from updating their own information (see Other settings below).

The Access Control page lets you decide which information to collect during the registration process. On the Configure > Process page for each schedule, you can choose if the same or different information should be collected during the booking process. If you set the schedule to ask the same information for both processes, any details provided during registration will automatically appear when booking an appointment. This information can be changed if needed.

Use custom fields or forms to collect additional information

In addition to the standard contact detail fields, you can use two additional text fields to collect custom information. By enabling one or both of these fields, they will also become available for use in the booking dialog that can be configured via Configure > Process.

If you need to add more than two custom text fields or prefer to use options like checkboxes or dropdown menus, you can create a custom form instead. After you have created such an integrated form (see Adding booking forms), you can add it to the registration process. Connect a form to your registration process from the dropdown menu under Attach a form to each user to capture additional information?.

You can also add a “supervisor field”, a field that only you, or a superuser, can edit. If the information in the supervisor field is not confidential, you can make it visible to the user by setting it to Visible. For more information of the Supervisor field and its uses, visit the User Process section.

Registration confirmation and verification

By default, no confirmation of registration is provided to new users. Upon completion of the registration process, they are immediately logged in and can start using your schedule(s). To ensure users receive a confirmation of their registration, select Send a confirmation email to the user. The SuperSaaS system will then send new users a confirmation email. The content of this email can be customized under Layout Settings (see also Layout). If you want to be notified of new registrations in addition to confirming them for users, select Send a notification mail to the administrator.

To discourage unwanted visitors from signing up, you can require them to verify their email address by selecting Send a confirmation email with a link the user has to click on before he can log in. This weeds out people using fake or invalid email addresses, as they won’t receive the notification email and thus cannot activate their user account.

To understand what the registration process looks like to new users, you can check the flowchart on the page. It instantly reflects any changes you make to the settings.

For example, if you select the option Only people from a specific IP address, the flowchart will update to show a step that says that the IP address will be checked. Note that this is only the registration process; there is another flowchart that shows the booking process under Configure > Process.

Other settings

At the bottom of the Access Control page, three more sets of registration/authorization related settings can be found. The first setting can be used to provide new users with a starting credit upon registration (note that this option is only available when the credit system has been enabled). For more information, see the documentation for the credit system.

Other registration/authorization settings

The second set of settings lets you implement additional security measures, such as preventing browsers from storing login names and passwords. Here you also block users from updating the information they provided upon registration (see above). You also find an option here that will prevent users from accessing your schedule on an HTTP connection. In that case, users will be automatically redirected to the HTTPS version of the page. You can read more about the importance of securing your connection in this blog on HTTPS security.

If you have multiple schedules in your account then you will see a set of settings that allows you to show a list of available schedules to your users. There is also a setting that allows you to specify that users need to log in before they can see that list. This option is useful in combination with User Groups (see that page for a full explanation). The final set of settings determines whether superusers can create additional users and act on their behalf (see also Daily Use for tips on how to put these settings to good use).