Component authentication module
NOTE: This authentication module is available if the Configuration Module is installed.
This authentication module integrates the default method for registering process components.
Credentials: Login uses the sa system user.
Prerequisites: (none listed)
Set as default: Yes
Single sign-on: No
Front-end login allowed: No
Web Portal login allowed: No
Remarks: You must not change the system user sa. The system user is overwritten with each schema update.
Crawler
NOTE: This authentication module is available if the Configuration Module is installed.
The authentication module is used by the application server to compile search indexes for full text search over the database.
Credentials: Login uses the sa system user.
Prerequisites: (none listed)
Set as default: Yes
Single sign-on: No
Front-end login allowed: No
Web Portal login allowed: No
Remarks: You must not change the system user sa. The system user is overwritten with each schema update.
Password reset
NOTE: This authentication module is available if the Identity Management Base Module is installed.
The authentication module is used for logging in to the Password Reset Portal. The authentication module checks the passcode or the employee’s answers to the password questions. If a passcode is used to log in, the passcode is deleted after a successful login.
Credentials:
Central user account and passcode.
- OR -
Central user account and answers to the password questions.
- OR -
Target system user account and passcode.
- OR -
Target system user account and answers to password questions.

Prerequisites:
- The employee exists in the database.
- Using the central user account: The central user account is entered in the employee's main data.
- Using the target system user account: The user account exists in the database and the employee is entered in the main data of the employee’s user account.
- The employee is not deactivated or has the certification status New.
- The employee has a passcode or the questions and answers for the password prompt have been specified.

Set as default: No
Single sign-on: No
Front-end login allowed: No
Web Portal login allowed: No

Remarks: The application token for Password Reset Portal must be specified. You set the application token when installing Password Reset Portal. The application token is saved as a hash value in the database in the QER | Person | PasswordResetAuthenticator | ApplicationToken parameter and stored encrypted in the web.config file. For detailed information about configuring the Password Reset Portal, see the One Identity Manager Web Application Configuration Guide.

In the Designer, modify the following configuration parameters so that target system accounts can be used for logging in. If the configuration parameters are not set, the employee’s central user account is used.
Table 31: Configuration parameters for the authentication module

QER | Person | PasswordResetAuthenticator | SearchTable
Table in the One Identity Manager schema that stores the user information. The table must contain a foreign key with the name UID_Person (or CCC_UID_Person) that references the Person table.
Example: ADSAccount

QER | Person | PasswordResetAuthenticator | SearchColumn
Pipe (|) delimited list of columns from the One Identity Manager table (SearchTable) that are searched for the user name of the user logging in.
Example: CN|SamAccountName

QER | Person | PasswordResetAuthenticator | EnabledBy
Pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) that enable the user account for login.

QER | Person | PasswordResetAuthenticator | DisabledBy
Pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) that disable the user account for login.
Example: AccountDisabled

Password reset (role-based)
NOTE: This authentication module is available if the Identity Management Base Module is installed.
The authentication module is used for logging in to the Password Reset Portal. The authentication module checks the passcode or the employee’s answers to the password questions. If a passcode is used to log in, the passcode is deleted after a successful login.
Credentials:
Central user account and passcode.
- OR -
Central user account and answers to the password questions.
- OR -
Target system user account and passcode.
- OR -
Target system user account and answers to password questions.

Prerequisites:
- The employee exists in the database.
- Using the central user account: The central user account is entered in the employee's main data.
- Using the target system user account: The user account exists in the database and the employee is entered in the main data of the employee’s user account.
- The employee is not deactivated or has the certification status New.
- The employee has a passcode or the questions and answers for the password prompt have been specified.
- The employee is assigned at least one application role.

Set as default: Yes
Single sign-on: No
Front-end login allowed: No
Web Portal login allowed: No

Remarks: The application token for Password Reset Portal must be specified. You set the application token when installing Password Reset Portal. The application token is saved as a hash value in the database in the QER | Person | PasswordResetAuthenticator | ApplicationToken parameter and stored encrypted in the web.config file. For detailed information about configuring the Password Reset Portal, see the One Identity Manager Web Application Configuration Guide.
A dynamic system user is determined from the employee's application roles. The user interface and the permissions are loaded through this system user.

In the Designer, modify the following configuration parameters so that target system accounts can be used for logging in. If the configuration parameters are not set, the employee’s central user account is used.
Table 32: Configuration parameters for the authentication module

QER | Person | PasswordResetAuthenticator | SearchTable
Table in the One Identity Manager schema that stores the user information. The table must contain a foreign key with the name UID_Person (or CCC_UID_Person) that references the Person table.
Example: ADSAccount

QER | Person | PasswordResetAuthenticator | SearchColumn
Pipe (|) delimited list of columns from the One Identity Manager table (SearchTable) that are searched for the user name of the user logging in.
Example: CN|SamAccountName

QER | Person | PasswordResetAuthenticator | EnabledBy
Pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) that enable the user account for login.

QER | Person | PasswordResetAuthenticator | DisabledBy
Pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) that disable the user account for login.
Example: AccountDisabled
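
The four parameters in Tables 31 and 32 can be checked for consistency before they are set in the Designer. The following Python is an added example, not One Identity Manager code: it validates a parameter set against a schema description and evaluates the login lookup for sample rows. SCHEMA and the rows are constructed, and the rule that every EnabledBy flag must be set and no DisabledBy flag may be set, as well as the exact string match on the login name, are assumptions.

```python
# Added example, not One Identity Manager code. SCHEMA is constructed sample data;
# the rule "every EnabledBy flag set and no DisabledBy flag set" is an assumption.
SCHEMA = {  # constructed: table -> {column: type}
    "ADSAccount": {"UID_Person": "str", "CN": "str",
                   "SamAccountName": "str", "AccountDisabled": "bool"},
}
FK_NAMES = {"UID_Person", "CCC_UID_Person"}  # column names required by the page

def split_pipe(value):
    """Split a pipe-delimited parameter value, dropping empty entries."""
    return [c.strip() for c in (value or "").split("|") if c.strip()]

def validate(params, schema=SCHEMA):
    """Return a list of problems found in the configuration parameters."""
    table = params.get("SearchTable")
    if not table:
        return []  # parameters not set: the central user account is used
    cols = schema.get(table)
    if cols is None:
        return [f"SearchTable {table!r} not in schema"]
    problems = []
    if not cols.keys() & FK_NAMES:  # checked by column name only
        problems.append(f"{table} has no UID_Person/CCC_UID_Person column")
    search = split_pipe(params.get("SearchColumn"))
    if not search:
        problems.append("SearchColumn is empty")
    for c in search:
        if c not in cols:
            problems.append(f"SearchColumn {c!r} not in {table}")
    for key in ("EnabledBy", "DisabledBy"):
        for c in split_pipe(params.get(key)):
            if cols.get(c) != "bool":
                problems.append(f"{key} column {c!r} is not a Boolean column of {table}")
    return problems

def resolve(params, rows, login):
    """Return the employee reference of the first matching, enabled row, else None."""
    search = split_pipe(params.get("SearchColumn"))
    for row in rows:
        if login not in [row.get(c) for c in search]:
            continue  # exact match only; comparison rules are an assumption
        enabled = all(row.get(c) for c in split_pipe(params.get("EnabledBy")))
        disabled = any(row.get(c) for c in split_pipe(params.get("DisabledBy")))
        if enabled and not disabled:
            return row.get("UID_Person") or row.get("CCC_UID_Person")
    return None
```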