Problem statement
A common use case is to have user profiles be created by tenant admins, and have those users reset their passwords when they first log in. Is it possible to include a Privacy Policy or Terms of Service checkbox on the Password Reset Page with the New Universal Login?
Solution
While there is a way to include a Privacy Policy or Terms of Service checkbox to the Login page using New Universal Login Page Templates, it is not possible to include a checkbox on the Password Reset page.
One potential solution to ensure users accept the privacy policy is to use a Redirect Action as outlined in this document: Redirect with Actions.
In the Action, check to see if the user object contains a specific ‘user_metadata’ such as ‘user_metadata.accepted_privacy_policy’, and if it doesn’t, redirect the user to a custom page in the application that asks the user to accept the privacy policy.
Once they accept, resume the Authentication Flow and set ‘user_metadata.accepted_privacy_policy = true’ . If they don’t accept, deny access to the application using api.access.deny(reason) (Actions Triggers: post-login - API Object ) from the Action.