Chat now with support
Chat with Support

Identity Manager 9.3 - Web Application Configuration Guide

About this guide Managing the API Server Configuring API projects and web applications
General configuration Configuring the Administration Portal Configuring the Application Governance Module Configuring the Password Reset Portal Configuring the Web Portal
Configuring departments Configuring address books Ansichten konfigurieren Configuring application roles Configuring the Application Governance Module Configuring attestation Configuring authentication by accepting the terms of use Configuring request functions Configuring delegation Configuring your own API filter Configuring your own filters Configuring recommendations for adding entitlements to objects Configuring devices Configuring business roles Configuring the help desk module/tickets Configuring hyperviews Configuring identities Configuring password questions Configuring cost centers Configuring service items Program functions for the Web Portal Configuring software Configuring locations Configuring statistics Configuring system roles Skip table sorting Configuring team roles Configuring the four eyes principle for issuing a passcode. Configuring WebAuthn security keys
Configuring the Operations Support Web Portal
Recommendations for secure operation of web applications

Configuring the Password Reset Portal

The Password Reset Portal allows users to reset passwords of the user accounts they manage securely.

Detailed information about this topic

Configuring Password Reset Portal login using target system user accounts

By default, it is only possible to log in to the Password Reset Portal using password questions or a passcode if you use a central user account. You can configure the Password Reset Portal's authentication module such that log in with the help of password questions or a passcode is also possible using a target system user account (Active Directory user accounts, for example). To do this, enter database tables and columns containing the user names of user accounts that are permitted to log in to the Password Reset Portal. For more information the about Password Reset Portal's authentication module, see the One Identity Manager Authorization and Authentication Guide.

To configure login using target system user accounts

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Set and configure the following configuration parameters:

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

    • QER | Person | PasswordResetAuthenticator | SearchTable: Enter the name of the database table containing the use names of the user accounts permitted to log in to the Password Reset Portal.
      When a user tries to log in to the Password Reset Portal, this table and the column given under SearchColumn are searched for the user names permitted for use.

      Example: ADSAccount

      NOTE: This database table must have a foreign key named UID_Person that references the Person table. This is required to match the user names to the One Identity Manager user accounts.

    • QER | Person | PasswordResetAuthenticator | SearchColumn: Enter the name of the table column containing the use names of the user accounts permitted to log in to the Password Reset Portal.
      When a user tries to log in to the Password Reset Portal, this column and the table given under SearchTable are searched for the user names permitted for use.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: CN|SamAccountName

    • QER | Person | PasswordResetAuthenticator | DisabledBy: (Optional) Enter the name of the Boolean table column that specifies whether a user account is locked. User accounts that are marked as locked (column value: true) cannot log in to the Password Reset Portal.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: Locked|Disabled

    • QER | Person | PasswordResetAuthenticator | EnabledBy: (Optional) Enter the name of the Boolean table column that specifies whether a user account is enabled. User accounts that are marked as disabled (column value: false) cannot log in to the Password Reset Portal.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: Active|Enabled

Configuring Password Reset Portal authentication

Authentication on the Password Reset Portal differs from authentication on the Web Portal. Users can log in to Password Reset Portal using the following options:

Detailed information about this topic

Configuring Password Reset Portal login with a passcode

Users can use the passcode they received from their manager to log in to the Password Reset Portal.

Required configuration keys:

  • Login with passcodes (EnablePasscodeLogin): Specifies whether users can log in using passcodes.

To configure login with a passcode

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project drop-down, select the Password Reset Portal API project.

  4. Expand the Login with passcodes configuration key.

  5. Select the Login with passcodes check box.

  6. Click Apply.

  7. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  8. Click Apply.

  9. Close the Administration Portal.

    NOTE: The following steps are only necessary if they use the ImxClient command line program to host an API Server locally. For more information about the ImxClient command line tool, see the One Identity Manager API Development Guide.

  10. Open the API Server installation directory.

  11. In the API Server's installation directory, open the appsettings.json file.

  12. Add the following entry:

    {
          "ConnectionStrings": {
                "QER\\Person\\PasswordResetAuthenticator\\ApplicationToken": "<Anwendungstoken>"
          }
    }
    <add name="QER\Person\PasswordResetAuthenticator\ApplicationToken" connectionString="<API Server application token>"/>

  13. Save your changes to the file.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating