Logging in without multi-factor authentication
You can specify that all users can log in to the web application without multi-factor authentication.
Required configuration key:
To allow login without multi-factor authentication for all users
- Open the Web Designer.
- Open a module and search for VI_Common_AccessControl_Starling_AllowUnregistered in the definition tree view.
- Mark the configuration parameter VI_Common_AccessControl_Starling_AllowUnregistered in the definition tree view.
- Set the value in the node editor view to true.
Activating Starling Two-Factor Authentication for the Operations Support Web Portal
On the API Server, you can enable Starling 2FA for the Operations Support Web Portal.
To enable Starling Two-Factor Authentication for the Operations Support Web Portal
-
Start the API Designer program.
-
In the menu bar, click View > Navigation.
-
In the navigation, click 
API projects.
-
In the tree view, double-click on the QBM_OperationsSupport project.
-
In the definition tree view, right-click 
(Authentication) node.
-
In the context menu, click Object in extension > Add to extension <extension name> > Authentication module.
-
In the menu bar, click View > Node editor.
-
In the definition tree view, click the newly created Second authentication factor.
-
In the Node editor pane, tick the Second authentication factor box.
-
In the menu, click Starling 2FA.
Configuring the Application Governance Module
The Application Governance Module allows you to quickly and simply run the onboarding process for new applications from one place using one tool. An application created with the Application Governance Module combines all the permissions application users require for their regular work. You can assign entitlements and roles to your application and plan when they become available as service items (for example, in the Web Portal).
Related topics
Configuring entitlements
To enable employees to view, create, and manage applications as well as approve requests for application products in the Web Portal, you must assign specific application roles to employees.
NOTE: Managing an application involves the following:
-
Editing the application's main data and the assigned entitlements and roles
-
Assigning entitlements and roles to the application
-
Unassigning entitlements and roles from the application
-
Deploying the application and associated entitlements and roles
-
Undeploying the application and its associated permissions and roles
To assign an application role for application governance to employees
-
Start the Manager program.
-
Connect to the relevant database.
-
Select the One Identity Manager Administration category.
-
In the upper navigation pane, click the application role you want to assign to employees:
-
Application Governance | Administrators: Members of this application role create new applications and manage all applications in the Web Portal.
-
Application Governance | Owners: If this application role is assigned to an application as an owner application role, the members manage the application in the Web Portal.
-
Application Governance | Approvers: If this application role is assigned to an application as an approver application role, the members can approve requests for products of this application (if the BE - Approver of an application approval procedure is used).
-
In the Tasks pane, select the Assign employees task.
-
In the Add Assignments area, double-click the employees to whom you want to assign the application role.
-
Click 
(Save).
