
Identity Manager 9.1 - Web Designer Web Application Configuration Guide


Configuring Password Reset Portal login using target system user accounts

By default, it is only possible to log in to the Password Reset Portal using password questions or a passcode if you use a central user account. You can configure the Password Reset Portal's authentication module so that login with password questions or a passcode is also possible using a target system user account (an Active Directory user account, for example). To do this, enter the database table and columns containing the user names of the user accounts that are permitted to log in to the Password Reset Portal. For more information about the Password Reset Portal's authentication module, see the One Identity Manager Authorization and Authentication Guide.

To configure login using target system user accounts

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Set and configure the following configuration parameters:

    NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.

    • QER | Person | PasswordResetAuthenticator | SearchTable: Enter the name of the database table containing the user names of the user accounts permitted to log in to the Password Reset Portal.
      When a user tries to log in to the Password Reset Portal, this table and the column given under SearchColumn are searched for the user names permitted for use.

      Example: ADSAccount

      NOTE: This database table must have a foreign key named UID_Person that references the Person table. This is required to match the user names to the One Identity Manager user accounts.

    • QER | Person | PasswordResetAuthenticator | SearchColumn: Enter the name of the table column containing the user names of the user accounts permitted to log in to the Password Reset Portal.
      When a user tries to log in to the Password Reset Portal, this column and the table given under SearchTable are searched for the user names permitted for use.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: CN|SamAccountName

    • QER | Person | PasswordResetAuthenticator | DisabledBy: (Optional) Enter the name of the Boolean table column that specifies whether a user account is locked. User accounts that are marked as locked (column value: true) cannot log in to the Password Reset Portal.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: Locked|Disabled

    • QER | Person | PasswordResetAuthenticator | EnabledBy: (Optional) Enter the name of the Boolean table column that specifies whether a user account is enabled. User accounts that are marked as disabled (column value: false) cannot log in to the Password Reset Portal.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: Active|Enabled
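
A pre-deployment audit of these four parameter values, as an added example that is not part of the One Identity documentation: it checks that the table has UID_Person and every configured column, lists the user names that would be accepted, and flags names that resolve to more than one person once several search columns are combined. SQLite and the sample rows are constructed stand-ins for the One Identity Manager database; the rule that any single flag column blocks an account and the case-insensitive name matching are assumptions.

```python
import sqlite3
from collections import defaultdict

# Parameter values as entered in the Designer (the page's own examples).
CONFIG = {"SearchTable": "ADSAccount", "SearchColumn": "CN|SamAccountName",
          "DisabledBy": "Locked|Disabled", "EnabledBy": "Active|Enabled"}

def split_cols(value):
    """Split a pipe-delimited parameter value into column names."""
    return [c.strip() for c in (value or "").split("|") if c.strip()]

def audit(conn, cfg):
    """Return (problems, eligible, collisions) for one configuration."""
    table = cfg["SearchTable"]
    search, off, on = (split_cols(cfg.get(k)) for k in
                       ("SearchColumn", "DisabledBy", "EnabledBy"))
    present = {r[0] for r in conn.execute(
        "SELECT name FROM pragma_table_info(?)", (table,))}
    problems = [f"{table}.{c} is missing"
                for c in ["UID_Person", *search, *off, *on] if c not in present]
    if problems or not search:
        return problems or ["SearchColumn is empty"], {}, {}
    # Safe to interpolate: every name was just matched against the real schema.
    cols = ", ".join(f'"{c}"' for c in ["UID_Person", *search, *off, *on])
    eligible = defaultdict(set)
    for row in conn.execute(f'SELECT {cols} FROM "{table}"'):
        person, rest = row[0], row[1:]
        names = rest[:len(search)]
        disabled = rest[len(search):len(search) + len(off)]
        enabled = rest[len(search) + len(off):]
        # Assumed semantics: an account without a person, with any DisabledBy
        # column true, or with any EnabledBy column false cannot log in.
        if person is None or any(disabled) or not all(enabled):
            continue
        for name in filter(None, names):
            eligible[name.casefold()].add(person)  # case-insensitive match assumed
    collisions = {n: p for n, p in eligible.items() if len(p) > 1}
    return [], dict(eligible), collisions

def demo_db():
    """Constructed sample rows standing in for the ADSAccount table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ADSAccount (UID_Person, CN, SamAccountName,"
                 " Locked, Disabled, Active, Enabled)")
    conn.executemany("INSERT INTO ADSAccount VALUES (?,?,?,?,?,?,?)", [
        ("P1", "Alice Smith", "asmith", 0, 0, 1, 1),
        ("P2", "asmith", "asmith2", 0, 0, 1, 1),    # CN equals P1's SamAccountName
        ("P3", "Bob Jones", "bjones", 1, 0, 1, 1),  # locked
        ("P4", "Carol Diaz", "cdiaz", 0, 0, 1, 0),  # not enabled
    ])
    return conn
```

A non-empty collisions result means the same login name maps to different persons across the configured columns; narrow SearchColumn or clean up the data before enabling the setting.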

Recommendations for secure operation of web applications

Here are some solutions that have been tried and tested in conjunction with One Identity Manager tools to guarantee secure operation of One Identity web applications. You decide which security measures are appropriate for your individually customized web applications.

Detailed information about this topic

Using HTTPS

Always run the One Identity Manager's web application over the secure communications protocol "Hypertext Transfer Protocol Secure" (HTTPS).

In order for the web application to use the secure communications protocol, you can force the use of "Secure Sockets Layer" (SSL) when you install the application. For more information about using HTTPS/SSL, see the One Identity Manager Installation Guide.

Disable automatic password storage

Use this setting to prevent auto-filling of your user data on the login page. This setting is made in the Web Designer and can help you run web applications more securely.

Table 15: Configuration parameter for disabling automatic password storage

| Configuration parameter | Description |
| --- | --- |
| VI_Common_Login_PrefillLoginData | Prevents auto-filling user data on the login page. |

To disable automatic password storage

  1. Open the Web Designer.
  2. In the menu bar, select the Edit > Configure project > Web project menu item.
  3. On the Configure Project tab, search for "VI_Common_Login_PrefillLoginData".
  4. In the Allow prefill of login data key, in the Value (custom) column, click .

This sets the default value to "false". This disables automatic password storage.
