Chat now with support
Chat with Support

Identity Manager 8.2.1 - Web Designer Web Application Configuration Guide

About this guide Configuring the Web Portal WebAuthn security keys Multi-factor authentication Configuring the Application Governance Module Configuring the Password Reset Portal Recommendations for secure operation of web applications

Step 4: Configuring the web application

NOTE: The web application to be used by WebAuthn, must apply the HTTPS secure communications protocol (see Using HTTPS).

To configure WebAuthn in web applications

  1. Start the Web Designer program.

  2. Connect to the relevant database.

  3. In the menu bar, click View > Start page.

  4. In the toolbar, click Select web application and select the web application you want to use.

  5. Click Edit web application settings.

  6. In the Edit web application settings dialog, in the Authentication module menu, click OAuth 2.0/OpenID Connect.
  7. In the OAuth pane, in the OAuth 2.0/OpenID Connect configuration menu, click the appropriate identity provider.
  8. Click OK.
  9. In the menu bar, click Edit > Configure project > Web project.

  10. In the Configure project view, configure the following configuration keys:

    • VI_Common_RequiresAccessControl: Set this parameter to enable two-factor authentication.

    • VI_Common_AccessControl_WebAuthn_2FA: Specify whether you want to enable WebAuthn two-factor authentication for the web application.

      You can configure WebAuthn two-factor authentication and security key management separately. If, for example, you want to only enable management of security keys but not of two-factor authentication with the help of security keys in the web application, do not set this configuration key and set the VI_Common_AccessControl_WebAuthn_2FA_VisibleControls configuration key described below.

    • VI_Common_AccessControl_WebAuthn_2FA_VisibleControls: Specify whether users can manage security keys in the web application.

    • VI_Employee_QERWebAuthnKey_Filter: Specify, which employees can manage security keys in the web application. If you do not enter anything here, all web application users manage the security keys (assuming the VI_Common_AccessControl_WebAuthn_2FA_VisibleControls configuration key is set).

    • VI_Common_AccessControl_WebAuthn_2FAID: Enter a unique identifier for the secondary authentication provider for WebAuthn two-factor authentication. You will find this identifier in your RSTS configuration.

      1. In your Internet browser, call the URL of the RSTS administration interface: https://<Webanwendung>/RSTS/admin.

      2. On the main page, click Authentication Providers.

      3. On the Authentication Providers page, click the appropriate entry.

      4. On the Edit page, switch to the Two Factor Authentication tab.

      5. Take the ID from the Provider ID field.

Related topics

Multi-factor authentication

Multi-factor authentication guarantees better security for logging into web applications. One Identity Manager tools use Starling Two-Factor Authentication for multi-factor authentication.

The following prerequisites must be fulfilled to use Starling Two-Factor Authentication:

  • Users must have a registered Starling 2FA token.
  • Use of an employee-related authentication module, for example "Person (role-based)"

Starling Two-Factor Authentication takes place after initial database login and is independent of it. At web application level, every access attempt is prevented until Starling Two-Factor Authentication has been completed.

Configuring multi-factor authentication

You can configure multi-factor authentication for web applications.

Required configuration key:

  • VI_Common_RequiresAccessControl: Requests web application authentication.

  • VI_Common_AccessControl_StarlingEnabled: Enables the use of the Starling Two-Factor Authentication.

To set up multi-factor authentication

  1. Open the Web Designer.
  2. Open a module and search for VI_Common_RequiresAccessControl in the definition tree view.
  3. Mark the VI_Common_RequiresAccessControl configuration parameter and set the value to true.
  4. Mark the VI_Common_AccessControl_StarlingEnabled configuration parameter and set the value to true.

Multi-factor authentication for specific people

Table 10: Configuration parameters for multifactor authentication for specific people

Configuration parameter

Description

VI_Common_AccessControl_Filter

Sets up multi-factor authentication for specific people.

You need to specify, which people can use multi-factor authentication in your web project.

To set up multifactor authentication for specific people only

  1. Open the Web Designer.
  2. Open a module and search for VI_Common_AccessControl_Filter in the definition tree view.
  3. Mark the VI_Common_AccessControl_Starling_AllowUnregistered configuration parameter in the definition tree view.
  4. Enter a filter condition in the node editor view that only matches people who require multi-factor authentication.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating