
Identity Manager 8.1.5 - Web Application Configuration Guide


Configuring password questions

If Web Portal users forget their password, they can set a new one with the help of the password questions.

To configure the use of password questions

  1. Start the Designer.

  2. Configure the following configuration parameters:

    NOTE: For information on how to edit configuration parameters in the Designer, see the One Identity Manager Configuration Guide.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions: Specify how many password questions and answers users must enter. Users who enter too few questions and answers, or none at all, cannot reset their password.

      NOTE: The value must not be less than the value in the QueryAnswerRequests configuration parameter.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerRequests: Specify how many password questions users have to answer before they can reset their password.

      NOTE: The value must not be higher than the value in the QueryAnswerDefinitions configuration parameter.

    • QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery: Specify whether users must enter new password questions and answers after successfully resetting their password. In this case, correctly answered questions are deleted.

WebAuthn security keys

One Identity offers users the option to log in, simply and securely, to One Identity Manager web applications with the help of (physical) security keys. These security keys support the W3C standard WebAuthn.

Use of security keys guarantees increased security when logging in.

Advice
  • You can run Starling Two-Factor Authentication and WebAuthn in parallel for a web application. Users who have at least one valid security key do not have to go through the Starling 2FA process as well. Users who do not have a security key must still use Starling 2FA.

  • In the Manager, employee administrators have the option to view all of an employee's security keys and to delete them. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  • The WebAuthn standard is NOT supported in Internet Explorer. Users must use another browser.

WebAuthn configuration

To configure WebAuthn for a web application, carry out these four steps:

  1. Configure the OAuth certificate to enable secure communication between RSTS and One Identity Manager.

  2. Configure the RSTS.

  3. Configure the application server.

  4. Configure the web application.


Step 1: Configuring an OAuth certificate

Communication between the RSTS (redistributable security token service) and One Identity Manager uses tokens that are signed with the private key of a certificate. This certificate must be valid and trusted because the RSTS also uses this certificate for client certificate registration on the application server. One Identity recommends that you use either a public key infrastructure (PKI) that already exists or a new certificate chain made up of the root certificate and the associated OAuth signing certificate.

To configure the OAuth signing certificate

  1. Create a new, valid, and trusted OAuth signing certificate.

  2. Ensure the following:

    • The RSTS must have access to the OAuth signing certificate with a private key.

    • The application server from which the RSTS requests the WebAuthn security keys must trust the certificate chain of the OAuth signing certificate.

    • The web application that allows login by RSTS must have access to the OAuth signing certificate with a private key.

    • The web application used to manage the WebAuthn security keys must have access to the OAuth signing certificate with a private key.
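
One way to check the conditions listed above on each host, as an added example that is not part of the One Identity documentation. It assumes the certificate is installed in the LocalMachine\My store, and the thumbprint is a placeholder you supply; use -RequirePrivateKey on the RSTS and web application hosts and omit it on the application server.

```powershell
# Added example: pre-flight check for the OAuth signing certificate on one host.
# Assumption: the certificate lives in Cert:\LocalMachine\My on this machine.
param(
    [Parameter(Mandatory)]
    [string]$Thumbprint,        # placeholder: thumbprint of your OAuth signing certificate
    [switch]$RequirePrivateKey  # set on hosts that must sign tokens (RSTS, web applications)
)

# Normalize thumbprints pasted from the certificate dialog (spaces, lower case).
$wanted = $Thumbprint.Replace(' ', '').ToUpperInvariant()
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $wanted } |
    Select-Object -First 1
if (-not $cert) {
    throw "Certificate $wanted not found in Cert:\LocalMachine\My"
}

$problems = @()

# "Valid": the current time must fall inside the validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# "With a private key": only required where tokens are signed.
if ($RequirePrivateKey -and -not $cert.HasPrivateKey) {
    $problems += 'No private key is associated with the certificate on this host'
}

# "Trusted": the chain must build to a root this host trusts, with revocation checked.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
if (-not $chain.Build($cert)) {
    foreach ($status in $chain.ChainStatus) {
        $problems += "Chain: $($status.Status) - $($status.StatusInformation.Trim())"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: $($cert.Subject) passed the validity, key, and chain checks"
```

HasPrivateKey only shows that a key is associated with the certificate; whether the service account running the RSTS or the web application can read that key has to be checked separately.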
