Chat now with support
Chat mit Support

Identity Manager 8.2 - Web Application Configuration Guide

About this guide Configuring the Web Portal WebAuthn security keys Starling Two-Factor Authentication Application Governance Module Configuring password questions Password Reset Portal Recommendations for secure operation of web applications

Configuring the search

Many of the Web Portal's pages provide a search option for objects in context of the page.

To configure the search

  1. Start the Web Designer.

  2. Configure the VI_Common_SqlSearch_PrefixLike configuration key: To show the user matching search results as fast as possible, search suggestions are already shown while you are entering the word. If you set the parameter, the last word of the input will also be taken into account.

  3. Start the Designer.

  4. Configure the following configuration parameters:

    Common | Indexing | IndexNonTokenChars: Specify which delimiters can be used in the search.

    Common | Indexing | IndexUseLegacyAnalyzer: Specify whether an alternative tokenizing is also be performed. The alternative method of tokenizing is preferable for long tokens. For example, if the string Department_01 is a token, the partial string Department is not considered to be a token.

    The following tokens are named.

    Table 10: Tokens for alternative tokenizing
    Token Description with example

    Words

    Sequence of letters and/or numbers

    Enumeration

    Words linked by punctuation marks (_-/.,) of which at least every second one contains a number.

    An example is Department_01.

    Sequences are also decimal numbers and IP addresses.

    Email addresses

    An email address is often made up of first name, last name, company name and generic top-level domain (for example .com). The order or spelling of the first and last names may vary (for example, use of initials). The special character @ and the punctuation mark (.) not only separate each part of the email address but also links them so that

    Examples of email addresses are Ben.King@example.com and C.Harris@example.com.

    Host names

    For example website.example.com.

    Acronym

    For example U. S. A.

    Apostrophe

    For example O'Reilly.

    @, & surrounded by letters

    For example Me&you.

    Umlauts such as ä, ö, ü For example Max Müller.

    NOTE: If you change these configuration parameters, the search indexes will be rebuilt, which may take some time.

WebAuthn security keys

One Identity offers users the option to log in, simply and securely, to One Identity Manager web applications with help of (physical) security keys. These security keys support the W3C standard WebAuthn.

Use of security keys guarantees increased security when logging in.

Advice
  • You can run Starling Two-Factor Authentication and WebAuthn in parallel for a web application. Users that have at least one valid security key, do not have to go through the Starling 2FA process as well. Users that do not have a security key must still use Starling 2FA.

  • In the Manager, employee administrators have the option to view all of an employee's security keys and to delete them. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  • The WebAuthn standard is NOT support in Internet Explorer. Users must use another browser.

Related topics

WebAuthn configuration

To configure WebAuthn for a web application, carry out these four steps:

  1. Configure the OAuth certificate to enable secure communication between RSTS and One Identity Manager.

  2. Configure the RSTS.

  3. Configure the application server.

  4. Configure the web application.

Related topics

Step 1: Configuring an OAuth certificate

Communication between the RSTS (redistributable security token service) and One Identity Manager uses tokens that are signed with the private key of a certificate. This certificate must be valid and trusted because the RSTS also uses this certificate for client certificate registration on the application server. One Identity recommends that either you use a public key infrastructure (PKI) that already exists or a new certificate chain from the root certificate and the associated OAuth signing certificate.

To configure the OAuth signing certificate

  1. Create a new, valid, and trusted, OAuth signing certificate.

  2. Ensure the following:

    • The RSTS must have access to the OAuth signing certificate with a private key.

    • The application server from which, the RSTS requests the WebAuthn security keys, must trust the certificate chain of the OAuth signing certificate.

    • The web application that allows login by RSTS, must have access to the OAuth signing certificate with a private key.

    • The web application used to manage the WebAuthn security keys, must have access to the OAuth signing certificate with a private key.

Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen