지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.3 - Web Application Configuration Guide

About this guide Managing the API Server Configuring API projects and web applications
General configuration Configuring the Administration Portal Configuring the Application Governance Module Configuring the Password Reset Portal Configuring the Web Portal
Configuring departments Configuring address books Ansichten konfigurieren Configuring application roles Configuring the Application Governance Module Configuring attestation Configuring authentication by accepting the terms of use Configuring request functions Configuring delegation Configuring your own API filter Configuring your own filters Configuring recommendations for adding entitlements to objects Configuring devices Configuring business roles Configuring the help desk module/tickets Configuring hyperviews Configuring identities Configuring password questions Configuring cost centers Configuring service items Program functions for the Web Portal Configuring software Configuring locations Configuring statistics Configuring system roles Skip table sorting Configuring team roles Configuring the four eyes principle for issuing a passcode. Configuring WebAuthn security keys
Configuring the Operations Support Web Portal
Recommendations for secure operation of web applications

Configuring authentication

User authentication is carried out on the API Server for each API project.

Authentication has two steps:

  1. Required primary authentication: Default authentication through an authentication module

  2. Optional secondary authentication: Multi-factor authentication (using OneLogin)

For more information about authentication, see the One Identity Manager API Development Guide and the One Identity Manager Authorization and Authentication Guide.

Related topics
Detailed information about this topic

Configuring primary authentication with single sign-on

You can configure single sign-on authentication for API projects with the Administration Portal. In this case, a separate request to the imx/login method is not required.

Required configuration key:

  • Single sign-on authentication modules (SsoAuthentifiers): Specifies which authentication modules are used for single sign-on.

TO configure primary authentication with single sign-on

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project drop-down, select the API project that you want configure with single sign-on authentication.

  4. Expand the Single sign-on authentication modules configuration key.

  5. Click New.

  6. In the drop-down, select the authentication module you want to use.

    TIP: You can specify additional authentication modules. To do this, click New.

  7. Click Apply.

  8. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  9. Click Apply.

Configuring multi-factor authentication

You can specify if and how users must authenticate themselves when accepting terms of use, or certifying and approving requests.

For more information about setting up multi-factor authentication, see the One Identity Manager Authorization and Authentication Guide. For more information about setting up initial synchronization with a OneLogin domain, see the One Identity Manager Administration Guide for Integration with OneLogin Cloud Directory.

TIP: If you want to use multi-factor authentication with OneLogin, the OneLogin Module must be available and synchronization must be set up.

Required configuration keys:

  • Step-up authentication provider for terms of use agreement and workflow approval (StepUpAuthenticationProvider): Authentication method to be used when accepting terms of use.

To configure multi-factor authentication

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project drop-down, select the Web Portal API project.

  4. Expand the Step-up authentication provider for terms of use agreement and workflow approval configuration key.

  5. In the Value drop-down, select the authentication provider you want to use.

    TIP: If you do not want to use authentication, select No step-up authentication.

  6. (Optional) If you use multifactor authentication with OneLogin (value OneLoginMFA), make sure that the authentication data for logging in to the OneLogin domain is available. You can set up the authentication data when the API Server is installed using with the Web Installer or adjust it later. For more information, see the One Identity Manager Installation Guide.

  7. Click Apply.

  8. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  9. Click Apply.

Configuring authentication tokens

Users receive an authentication token after they have been successfully authenticated on a web application. User do not have to repeat the authentication as long as this token is valid.

Required configuration key:

  • Persistent authentication tokens (AuthTokensEnabled): Specifies whether to use persistent authentication tokens that are stored between sessions.

  • Persistent authentication token lifetime (in minutes) (AuthTokensLifetimeMinutes): Specifies how long persistent authentication tokens are valid.

To configure the use of authentication tokens.

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project drop-down, select the API Server API project.

  4. Configure the following configuration keys:

    • Persistent authentication tokens: Specify whether to use persistent authentication tokens. To do this, select or clear the corresponding check box.

    • Persistent authentication token lifetime (in minutes): Specify how long persistent authentication tokens are valid. Once the token lifetime has expired, the user must authenticate again.

  5. Click Apply.

  6. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  7. Click Apply.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택