Chat now with support
Chat with Support

Identity Manager 8.2.1 - Web Designer Web Application Configuration Guide

About this guide Configuring the Web Portal WebAuthn security keys Multi-factor authentication Configuring the Application Governance Module Configuring the Password Reset Portal Recommendations for secure operation of web applications

Configuring the four eyes principle for issuing a passcode.

You can control whether passcodes generated by the help desk are divided into two parts. One half of the passcode is issued to the help desk staff and the other half is sent to the employee's manager. The employee must ask the manager for the second half of the passcode. This procedure increases the security for issuing passcodes.

To configure the four eye principle for issuing passcodes

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Set the QER | Person | PasswordResetAuthenticator | PasscodeSplit configuration parameter.

    NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.

  4. Set the QER | WebPortal | MailTemplateIdents | InformManagerAboutSecondHalfOfPasscode configuration parameter.

    By default, the second half of the passcode is sent with the Employee - manager half of passcode for password reset mail template.

    To use another template for this notification, change the value in the configuration parameter.

    TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.

Configuring password questions

If Web Portal users forget their password, they can set a new one with the help of the password questions.

To configure the use of password questions.

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Configure the following configuration parameters:

    NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions: Specify how many password questions and answers users must enter. Users who do not enter enough or any questions and answers, cannot reset their password.

      NOTE: The value must not be less than the value in the QueryAnswerRequests configuration parameter.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerRequests: Specify how many password questions users have to answer before they can reset their password.

      NOTE: The value must not be higher than the value in the QueryAnswerDefinitions configuration parameter.

    • QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery: Specify whether users must enter new password questions and answers after successfully resetting their password. In this case, correctly answered questions are deleted.

Configuring the search

Many of the Web Portal's pages provide a search option for objects in context of the page.

To configure the search

  1. Start the Web Designer program.

  2. Connect to the relevant database.

  3. Configure the VI_Common_SqlSearch_PrefixLike configuration key: To show the user matching search results as fast as possible, search suggestions are already shown while you are entering the word. If you set the parameter, the last word of the input will also be taken into account.

  4. Start the Designer.

  5. Configure the following configuration parameters:

    Common | Indexing | IndexNonTokenChars: Specify which delimiters can be used in the search.

    Common | Indexing | IndexUseLegacyAnalyzer: Specify whether an alternative tokenizing is also be performed. The alternative method of tokenizing is preferable for long tokens. For example, if the string Department_01 is a token, the partial string Department is not considered to be a token.

    The following tokens are named.

    Table 9: Tokens for alternative tokenizing
    Token Description with example

    Words

    Sequence of letters and/or numbers

    Enumeration

    Words linked by punctuation marks (_-/.,) of which at least every second one contains a number.

    An example is Department_01.

    Sequences are also decimal numbers and IP addresses.

    Email addresses

    An email address is often made up of first name, last name, company name and generic top-level domain (for example .com). The order or spelling of the first and last names may vary (for example, use of initials). The special character @ and the punctuation mark (.) not only separate each part of the email address but also links them so that

    Examples of email addresses are Ben.King@example.com and C.Harris@example.com.

    Host names

    For example website.example.com.

    Acronym

    For example U. S. A.

    Apostrophe

    For example O'Reilly.

    @, & surrounded by letters

    For example Me&you.

    Umlauts such as ä, ö, ü For example Max Müller.

    NOTE: If you change these configuration parameters, the search indexes will be rebuilt, which may take some time.

WebAuthn security keys

One Identity offers users the option to log in, simply and securely, to One Identity Manager web applications with help of (physical) security keys. These security keys support the W3C standard WebAuthn.

Use of security keys guarantees increased security when logging in.

Advice
  • You can run Starling Two-Factor Authentication and WebAuthn in parallel for a web application. Users that have at least one valid security key, do not have to go through the Starling 2FA process as well. Users that do not have a security key must still use Starling 2FA.

  • In the Manager, employee administrators have the option to view all of an employee's security keys and to delete them. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  • The WebAuthn standard is NOT support in Internet Explorer. Users must use another browser.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating