Identity Manager 8.1 - Web Application Configuration Guide

Displaying user-specific processes in the Web Portal

A user-specific process is a process that is specifically configured for tracing by the user. It enables status tracking and confirmation of a processing result to the Web Portal.

A user who is logged on to the Web Portal can see all processes that they have initiated. The value in the XUserInserted column corresponds to the user who is currently logged on. A process can only be generated from within a session of the current logged on user if it is to be identified as a user-specific process.

The user-specific processes are displayed in the Web Portal in the My Processes view. For more detailed information, see the One Identity Manager Web Portal User Guide.

This section only covers the configuration for displaying the process information in the Web Portal. For more detailed information about process monitoring, recording process information, and the configuration of processes and process steps, see the One Identity Manager Configuration Guide.

Configuration recommendations for the recording of user-specific processes
  • In the Designer, check the Common | ProcessState configuration parameter. The configuration parameter must be enabled.
  • In the Designer, check the Common | ProcessState | JobHistory configuration parameter. The configuration parameter must be enabled. As a value for the configuration parameter, select ERRORorSELECTED or SELECTED.

    NOTE: The value ALL also takes into account the notifications from the process history. However, this setting can lead to an extremely large data volume.

  • In the Designer, check the Common | ProcessState | ProgressView configuration parameter. The configuration parameter must be enabled and should have the value 2.
  • In Designer, check the configuration parameters Common | ProcessState | ProgressView | LifeTime and Common | ProcessState | JobHistory | LifeTime. These configuration parameters define the retention time of the process information and notifications in the process history. The configuration parameters must be enabled. Adjust the retention times if necessary. By default, the information is stored for 30 days before it is removed from the One Identity Manager database.
  • In the Designer, configure the processes and process steps for recording process information.
    • In the Process information property for a process, select the value Web Portal tracking.
    • In the Process information property for the process steps, select the value Web Portal tracking. Enable the Process history option.
    • Use user-friendly informative display values for the processes and process steps. To do this, enter the formatting rules for the process information of processes and process steps.

Starling Two-Factor Authentication

Multi-factor authentication guarantees better security for logging into web applications. One Identity Manager tools user Starling Two-Factor Authentication for multi-factor authentication.

The following prerequisites must be fulfilled to use Starling Two-Factor Authentication:

  • Users must have a registered Starling 2FA token.
  • Use of an employee-related authentication module, for example "Person (role-based)"

Starling Two-Factor Authentication takes place after initial database login and is independent of it. At web application level, every access attempt is prevented until Starling Two-Factor Authentication has been executed.

Setting up Starling Two-Factor Authentication

Table 10: Configuration parameter for multi-factor authentication

Configuration parameter

Description

VI_Common_RequiresAccessControl

Requires authentication for web applications.

VI_Common_AccessControl_StarlingEnabled

Enables use of Starling Two-Factor Authentication.

Multi-factor authentication is done in the web project in the Web Designer.

To set up Starling Two-Factor Authentication

  1. Open the Web Designer.
  2. Open a module and search for "VI_Common_RequiresAccessControl".
  3. Mark the configuration parameter "VI_Common_RequiresAccessControl" and set the value to true.
  4. Mark the configuration parameter "VI_Common_AccessControl_StarlingEnabled" and set the value to true.

Starling Two-Factor Authentication for specific people

Table 11: Configuration parameter for multi-factor authentication for specific people

Configuration parameter

Description

VI_Common_AccessControl_Filter

Sets up multi-factor authentication for specific people.

You need to specify, which people can use multi-factor authentication in your web project.

To set up Starling Two-Factor Authentication only for specific people

  1. Open Web Designer.
  2. Open a module and search for "VI_Common_AccessControl_Filter".
  3. Mark the configuration parameter "VI_Common_AccessControl_Filter".
  4. Enter a filter condition in the node editor view that only matches people who require multi-factor authentication.

Related Documents