
Identity Manager 9.2 - Web Designer Web Application Configuration Guide


Configuring password questions

If Web Portal users forget their password, they can log in to the Password Reset Portal with the help of the password questions and set a new password.

To configure the use of password questions

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Configure the following configuration parameters:

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions: Specify how many password questions and answers users must enter. Users who enter too few questions and answers, or none at all, cannot log in to the Password Reset Portal using their password questions.

      NOTE: The value must not be less than the value in the QueryAnswerRequests configuration parameter.

    • QER | Person | PasswordResetAuthenticator | QueryAnswerRequests: Specify how many password questions users have to answer before they can log in to the Password Reset Portal.

      NOTE: The value must not be higher than the value in the QueryAnswerDefinitions configuration parameter.

    • QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery: Specify how many new password questions and answers users must enter after they have successfully logged in to the Password Reset Portal. If this option is enabled, correctly answered password questions are deleted after logging in to the Password Reset Portal.

Configuring the search

Many of the Web Portal's pages provide a search option for objects in context of the page.

To configure the search

  1. Start the Web Designer program.

  2. Connect to the relevant database.

  3. Configure the VI_Common_SqlSearch_PrefixLike configuration key: To show users matching search results as quickly as possible, search suggestions are shown while the search term is still being entered. If you set this parameter, the last word of the input is also taken into account.

  4. Start the Designer.

  5. Configure the following configuration parameters:

    Common | Indexing | IndexNonTokenChars: Specify which delimiters can be used in the search.

    Common | Indexing | IndexUseLegacyAnalyzer: Specify whether alternative tokenizing is also performed. The alternative method of tokenizing is preferable for long tokens. For example, if the string Department_01 is a token, the partial string Department is not considered to be a token.

    The following tokens are named.

    Table 9: Tokens for alternative tokenizing

    | Token | Description with example |
    | --- | --- |
    | Words | Sequence of letters and/or numbers |
    | Enumeration | Words linked by punctuation marks (_-/.,) of which at least every second one contains a number. An example is Department_01. Sequences are also decimal numbers and IP addresses. |
    | Email addresses | An email address is often made up of first name, last name, company name and generic top-level domain (for example .com). The order or spelling of the first and last names may vary (for example, use of initials). The special character @ and the punctuation mark (.) not only separate each part of the email address but also links them so that Examples of email addresses are s.user@example.com and pat.identity@example.com. |
    | Host names | For example website.example.com. |
    | Acronym | For example U. S. A. |
    | Apostrophe | For example O'Name. |
    | @, & surrounded by letters | For example Me&you. |
    | Umlauts such as ä, ö, ü | For example Häägen. |

    NOTE: If you change these configuration parameters, the search indexes will be rebuilt, which may take some time.
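
The token classes in Table 9 can be approximated with a small longest-match scanner, which makes it visible why a search for Department does not hit an object indexed as Department_01. This is an added illustration, not One Identity code; the regular expressions, the class names and the helper is_indexed are assumptions derived only from the descriptions in the table.

```python
import re

# Constructed approximation of Table 9; patterns and class names are this
# example's assumptions, not the product's analyzer grammar.
W = r"[^\W_]+"            # word: letters and/or digits (umlauts count as letters)
D = r"[^\W_]*\d[^\W_]*"   # word that contains at least one digit
L = r"[^\W\d_]+"          # letters only
P = r"[_\-/.,]"           # linking punctuation marks listed in the table

# Tried at every position: the longest match wins, ties go to the earlier entry.
TOKEN_CLASSES = [(name, re.compile(rx)) for name, rx in [
    ("email", rf"{W}(?:[._-]{W})*@{W}(?:[.-]{W})+"),
    # At least every second linked word has a digit: Department_01, 192.168.0.1
    ("enumeration", rf"{W}{P}{D}(?:{P}{W}{P}{D})*(?:{P}{W})?"
                    rf"|{D}{P}{W}(?:{P}{D}{P}{W})*(?:{P}{D})?"),
    ("host", rf"{W}(?:\.{W})+"),
    ("acronym", r"[^\W\d_]\.(?:\s?[^\W\d_]\.)+"),
    ("at_or_ampersand", rf"{L}[@&]{L}"),
    ("apostrophe", rf"{L}(?:'{L})+"),
    ("word", W),
]]


def tokenize(text):
    """Return (token_class, token) pairs for the text, skipping delimiters."""
    tokens, pos = [], 0
    while pos < len(text):
        best = None
        for name, pattern in TOKEN_CLASSES:
            m = pattern.match(text, pos)
            if m and (best is None or m.end() > best[1].end()):
                best = (name, m)
        if best is None:
            pos += 1          # delimiter between tokens
            continue
        tokens.append((best[0], best[1].group()))
        pos = best[1].end()
    return tokens


def is_indexed(term, text):
    """True only if the term is a complete token of the text."""
    return term in {token for _, token in tokenize(text)}


if __name__ == "__main__":
    # Sample strings taken from the examples in Table 9.
    for sample in ("Department_01", "Department 01", "s.user@example.com"):
        print(sample, "->", tokenize(sample))
```
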

Configuring self-registration of new users

Users who are not yet registered have the option to register themselves to use the Web Portal and to create new accounts. Users who self-register receive a verification email with a link to a verification page. On this page, users can complete registration themselves and then set their initial login password.

NOTE: To use this functionality, new users must supply an email address, otherwise the verification email cannot be sent.

NOTE: For more information about self-registration of new users and associated attestation process, see the One Identity Manager Attestation Administration Guide.

NOTE: For more information about how users register themselves or create a new user account, see the One Identity Manager Web Designer Web Portal User Guide.

To configure self-registration

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Configure the following configuration parameters:

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

    • QER | WebPortal | PasswordResetURL: Specify the Password Reset Portal's web address. This URL is used, for example, in the email notification to new users.

    • QER | Attestation | MailTemplateIdents | NewExternalUserVerification:

      By default, the verification message and link are sent with the Attestation - new external user verification link mail template.

      To use another template for this notification, change the value in the configuration parameter.

      TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.

    • QER | Attestation | ApproveNewExternalUsers: Specify whether self-registered users must be attested before they are activated. A manager then decides whether to approve the new user's registration.

    • QER | Attestation | NewExternalUserTimeoutInHours: For new self-registered users, specify the duration of the verification link in hours.

    • QER | Attestation | NewExternalUserFinalTimeoutInHours: Specify the duration in hours, within which self-registration must be successfully completed.

  4. Assign at least one identity to the Identity & Access Governance | Attestation | Attestor for external users application role.

Configuring the Password Reset Portal

The Password Reset Portal allows users to securely reset the passwords of the user accounts they manage.
