
Identity Manager 9.3 - Web Application Configuration Guide


Configuring self-registration of new users

In the Password Reset Portal, users who are not yet registered have the option to register themselves and create new user accounts. Users who self-register receive a verification email with a link to a verification page. On this page, users can complete registration themselves and then set their initial login password.

NOTE: To use this functionality, new users must supply an email address, otherwise the verification email cannot be sent.

NOTE: For more information about self-registration of new users and the associated attestation process, see the One Identity Manager Attestation Administration Guide.

NOTE: For more information about how users register themselves or create a new user account, see the One Identity Manager Web Portal User Guide.

To configure self-registration

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Configure the following configuration parameters:

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

    • QER | WebPortal | PasswordResetURL: Specify the API Server's web address that deploys the Password Reset Portal. This web address is used for navigation.

    • QER | Attestation | MailTemplateIdents | NewExternalUserVerification:

      By default, the verification message and link are sent with the Attestation - new external user verification link mail template.

      To use another template for this notification, change the value in the configuration parameter.

      TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.

    • QER | Attestation | ApproveNewExternalUsers: Specify whether self-registered users must be attested before they are activated. A manager then decides whether to approve the new user's registration.

    • QER | Attestation | NewExternalUserTimeoutInHours: For new self-registered users, specify how long the verification link remains valid, in hours.

    • QER | Attestation | NewExternalUserFinalTimeoutInHours: Specify the duration in hours, within which self-registration must be successfully completed.

  4. Assign at least one identity to the Identity & Access Governance | Attestation | Attestor for external users application role.

  5. Ensure that an application token exists. You set the application token when installing the API server with the Web Installer. For more information, see the One Identity Manager Installation Guide.

    The application token is saved as a hash value in the database in the QER | Person | PasswordResetAuthenticator | ApplicationToken configuration parameter and stored encrypted in the web.config file of the API Server.

  6. Ensure that a user is configured that can be used to create the new user accounts. You can set up the user and authentication data when the API Server is installed using the Web Installer, or adjust them later. For more information, see the One Identity Manager Installation Guide.

    NOTE: It is recommended to use the IdentityRegistration system user. The IdentityRegistration system user has the specified permissions required for self-registration of new users in the Password Reset Portal. If you require a custom system user, ensure that it has the necessary permissions. For more information about system users and permissions, see the One Identity Manager Authorization and Authentication Guide.

Deleting your own configuration keys

You can delete configuration keys that you created yourself.

To delete your own configuration keys

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project menu, select the API project that you created the key for.

  4. Click (Actions) > Delete configuration key.

  5. In the Delete configuration key side panel, in the Configuration key to be deleted menu, select the configuration key that you want to delete.

  6. Click Delete configuration key.

Setting the default web application

You can specify which web application to open when users enter the API Server base URL.

Required configuration keys:

  • Name of the default HTML application (DefaultHtmlApp): Specifies which web application starts if the user opens the API Server base URL.

To specify a default web application

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project drop-down, select the API Server API project.

  4. Expand the Name of the default HTML application configuration key.

  5. In the Value field, enter the name of the web application to open when users enter the API Server base URL (for example, qer-app-portal for the Web Portal).

  6. Click Apply.

  7. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  8. Click Apply.

Configuring support for reverse proxy servers

You can specify whether the API Server supports reverse proxy servers.

Required configuration keys:

  • Run API Server in reverse proxy mode (RunReverseProxyMode): Specify whether the API server is run in a reverse proxy setup.

  • Known reverse proxy servers (AllowedReverseProxies): Specifies which reverse proxy servers accept the X-Forwarded-For HTTP header.

To configure support for reverse proxy servers

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project drop-down, select the API Server API project.

  4. Expand the Run API Server in reverse proxy mode configuration key.

  5. Select the Run API Server in reverse proxy mode check box.

  6. Expand the configuration key Known reverse proxy servers.

  7. Perform the following actions:

    1. Click New.

    2. In the input field, enter the host name of the reverse proxy server (the X-Forwarded-For HTTP header value).

    TIP: To add more servers, repeat these steps.

    TIP: To remove a server from the list, click (delete) next to the corresponding entry.

  8. Click Apply.

  9. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  10. Click Apply.
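
Why a list of known reverse proxies matters, as an added illustration (not One Identity's code and not part of the original guide): a server should honor X-Forwarded-For only when the request arrives from a listed proxy, and should read the chain from the hop nearest to itself, which generalizes the single-proxy case to several chained proxies. The function names, networks and addresses are constructed for this example, and proxies are matched by IP address here rather than by host name.

```python
import ipaddress
from typing import Optional

# Constructed allow list standing in for a "known reverse proxies" setting.
# Assumption: proxies are matched by IP network, not by host name.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _is_trusted(addr: str) -> bool:
    # A malformed address is never treated as a known proxy.
    if not _is_ip(addr):
        return False
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_addr: str, xff_header: Optional[str]) -> str:
    """Return the address to use for logging, rate limiting and access rules.

    peer_addr is the TCP peer of the connection; xff_header is the raw
    X-Forwarded-For value, or None if the header is absent.
    """
    # The header is client-supplied data unless a known proxy delivered it.
    if not xff_header or not _is_trusted(peer_addr):
        return peer_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Each known proxy appends the address it received the request from, so
    # walk from the right and stop at the first hop that is not a known proxy.
    for hop in reversed(hops):
        if _is_trusted(hop):
            continue
        # Entries further left were not written by a known proxy: ignore them.
        return hop if _is_ip(hop) else peer_addr
    # The chain held only known proxies: fall back to the TCP peer.
    return peer_addr
```

Anything to the left of the first non-proxy hop is never used, so extra entries a client places in the header do not change the result.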
