Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 9.3 - Web Application Configuration Guide

Table of Contents

About this guide Managing the API Server

Logging in to the Administration Portal Displaying API documentation Managing caches

Displaying caches Flushing caches Activating and deactivating caches

Viewing and editing API project configurations

Editing configuration keys Displaying changes to API projects Discarding changes to API projects Activating or deactivating local changes Converting local changes into global changes

Displaying API Server packages Displaying API Server plug-ins Managing logs

Displaying logs Starting log monitoring Downloading log files

Displaying API Server overview Changing encryption

Configuring API projects and web applications

General configuration

Configuring authentication

Configuring primary authentication with single sign-on Configuring multi-factor authentication Configuring authentication tokens Excluding authentication modules

Configuring CAPTCHAs

Enabling and disabling CAPTCHA login protection Configuring CAPTCHA fonts Configuring CAPTCHA characters Configuring CAPTCHA case sensitivity Configuring fixed CAPTCHA codes Configuring reCAPTCHA

Configuring Content Security Policy Configuring CORS (Cross-Origin Resource Sharing) Configuring cross-site request forgery (CSRF)

Activating and deactivating cross-site request forgery protection Configuring HTTP header with cross-site request forgery protection token Configuring HTTP methods without cross-site request forgery protection Configuring behavior in the event of a cross-site request forgery attack Configuring the cross-site request forgery protection cookie

Configuring themes

Creating and deploying custom themes Configuring default themes

Configuring the HTTP response headers Configuring the logo Configuring managers Configuring the user interface language Configuring SameSite cookies Configuring self-registration of new users Deleting your own configuration keys Setting the default web application Configuring support for reverse proxy servers Configuring URLs for specific APIs Using web applications without menu bar

Configuring the Administration Portal

Configuring logs Configuring display of API documentation

Configuring the Application Governance Module

Configuring entitlements Filling application hyperviews

Configuring the Password Reset Portal

Configuring Password Reset Portal login using target system user accounts Configuring Password Reset Portal authentication

Configuring Password Reset Portal login with a passcode Configuring Password Reset Portal login with password questions

Excluding passwords from being reset Settable passwords Central password

Defining password dependencies Setting a central password Configuring checks for all passwords

Configuring the Web Portal

Configuring departments

Enabling or disabling department creation

Configuring address books

Showing or hiding organizational charts in the address book Configuring information in the address book overview Configuring information in the address book entry detail view

Ansichten konfigurieren

Configuring default page filters Configuring default grouping of data on pages Configuring default sorting of data on pages Configuring optional columns for tables Adding additional information to tables Adding additional columns to tables

Configuring application roles

Enabling or disabling application role creation

Configuring the Application Governance Module

Configuring entitlements Filling application hyperviews

Configuring attestation

Configuring recipients of delegated attestation cases Configuring the warning threshold of attestation policy objects to attest

Configuring authentication by accepting the terms of use Configuring request functions

Limiting products and service categories shown to specific recipients Configuring requests of products recommended from peer group Configuring requesting by reference users Configuring recipients of delegated requests Configuring missing user account as optional product Linking service categories and products

Configuring delegation

Enabling or disabling global delegation Enabling or disabling individual delegations

Configuring your own API filter

Creating your own API filters Editing your own API filters Deleting your own API filters

Configuring your own filters

Creating your own filters Editing your own filters Deleting your own filters

Configuring recommendations for adding entitlements to objects

Excluding entitlements from recommendations Configuring threshold for entitlement recommendations

Configuring devices

Configuring the editable properties of devices

Configuring business roles

Enabling or disabling business role creation

Configuring the help desk module/tickets

Configuring the editable properties for creating tickets Configuring the editable properties of tickets Configuring file types for ticket attachments

Configuring hyperviews

Enabling and disabling navigation in hyperviews

Configuring identities

Configuring editable identity properties Configuring properties logged in users can edit in profile settings Enabling or disabling identity creation Configuring maximum size for profile pictures Configuring time for actions for responsibilities of identities

Configuring password questions Configuring cost centers

Enabling or disabling cost center creation

Configuring service items

Configuring the editable properties of service items

Program functions for the Web Portal Configuring software

Configuring the editable properties of software

Configuring locations

Enabling or disabling location creation

Configuring statistics

Configuring shared statistics

Configuring system roles

Enabling or disabling system role creation

Skip table sorting Configuring team roles

Enabling or disabling team role creation

Configuring the four eyes principle for issuing a passcode. Configuring WebAuthn security keys

Step 1: Configuring an OAuth certificate Step 2: Configuring the RSTS Step 3: Configuring the application server Step 4: Configuring the Web Portal

Configuring the Operations Support Web Portal

Configuring editable properties of Job servers

Recommendations for secure operation of web applications

Using HTTPS Disabling the HTTP request method TRACE Disabling insecure encryption mechanisms Removing the HTTP response header in Windows IIS

Recommendations for secure operation of web applications

Here are some solutions that have been tried and tested in conjunction with One Identity Manager tools to guarantee secure operation of One Identity web applications. You decide which security measures are appropriate for your individually customized web applications.

Detailed information about this topic

Disabling the HTTP request method TRACE

Disabling insecure encryption mechanisms

Removing the HTTP response header in Windows IIS

Using HTTPS

Always run the One Identity Manager's web application over the secure communications protocol "Hypertext Transfer Protocol Secure" (HTTPS).

In order for the web application to use the secure communications protocol, you can force the use of the "Secure Sockets Layer" (SSL) when you install the application. For more information for using HTTPS/SSL, see the One Identity Manager Installation Guide.

Disabling the HTTP request method TRACE

The TRACE request allows the path to the web server to be traced and to check that data is transferred there correctly. This allows a trace route to be determined at application level, meaning the path to the web server over various proxies. This method is particularly useful for debugging connections.

IMPORTANT: TRACE should not be enabled in a production environment because it can reduce performance.

To disable the HTTP request method TRACE using Internet Information Services

You will find instructions by following this link:

https://docs.microsoft.com/iis/configuration/system.webserver/tracing/

Disabling insecure encryption mechanisms

It is recommended that you disable all unnecessary encryption methods and protocols on the grounds of security. If you disable redundant protocols and methods, older platforms and systems may not be able to establish connections with web applications anymore. Therefore, you must decide which protocols and methods are necessary, based on the platforms required.

NOTE: The software "IIS Crypto" from Nartac Software is recommended for disabling encryption methods and protocols.

For more information about disabling, see here.

Detailed information about this topic

https://blogs.technet.microsoft.com/exchange/2015/07/27/exchange-tls-ssl-best-practices/

https://support.microsoft.com/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center