Identity Manager 8.2.1 - Web Application Configuration Guide

Logging in without multi-factor authentication

You can specify which users can log in to the web application without multi-factor authentication:

Required configuration keys:

  • Allow access for users who are not registered for multi-factor authentication (VI_Common_AccessControl_AllowUnregistered): Specifies whether users that are not registered for multi-factor authentication are allowed to access the web application.

  • MFA bypass IP address range (MfaAllowListIpAddressRange): Users with the IP addresses specified here can log in to the web application without multi-factor authentication.

To allow login without multi-factor authentication for all users

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. In the navigation, click Configuration.

  4. On the Configuration page, in the Show configuration for the following API project menu, select the API project that you want to configure without multi-factor authentication.

  5. Expand the Allow access for users who are not registered for multi-factor authentication configuration key.

  6. Select the Allow access for users who are not registered for multi-factor authentication check box.

  7. Click Apply.

  8. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  9. Click Apply.

To allow login without multi-factor authentication for specific IP addresses

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. In the navigation, click Configuration.

  4. On the Configuration page, in the Show configuration for the following API project menu, select the imx API project.

  5. Expand the MFA bypass IP address range configuration key.

  6. In the Value field, enter the corresponding IP addresses/address ranges.

    Example:

    192.168.0.10 - 192.168.10.20,192.168.0.*,192.168.0.0/255.255.255.0,192.168.0.0/16,fe80::/10,192.168.0.0

    TIP: You can also give IP addresses in Classless Inter-Domain Routing (CIDR) notation.

  7. Click Apply.

  8. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  9. Click Apply.

Activating Starling Two-Factor Authentication for the Operations Support Web Portal

On the API Server, you can enable Starling 2FA for the Operations Support Web Portal.

To enable Starling Two-Factor Authentication for the Operations Support Web Portal

  1. Start the API Designer program.

  2. In the menu bar, click View > Navigation.

  3. In the navigation, click API projects.

  4. In the tree view, double-click on the QBM_OperationsSupport project.

  5. In the definition tree view, right-click the (Authentication) node.

  6. In the context menu, click Object in extension > Add to extension <extension name> > Authentication module.

  7. In the menu bar, click View > Node editor.

  8. In the definition tree view, click the newly created Second authentication factor.

  9. In the Node editor pane, tick the Second authentication factor box.

  10. In the menu, click Starling 2FA.

Configuring the Application Governance Module

The Application Governance Module allows you to quickly and simply run the onboarding process for new applications from one place using one tool. An application created with the Application Governance Module combines all the permissions application users require for their regular work. You can assign entitlements and roles to your application and plan when they become available as service items (for example, in the Web Portal).

Related topics

Configuring entitlements

To enable employees to view, create, and manage applications as well as approve requests for application products in the Web Portal, you must assign specific application roles to employees.

NOTE: Managing an application involves the following:

  • Editing the application's main data and the assigned entitlements and roles

  • Assigning entitlements and roles to the application

  • Unassigning entitlements and roles from the application

  • Deploying the application and associated entitlements and roles

  • Undeploying the application and its associated permissions and roles

To assign an application role for application governance to employees

  1. Start the Manager program.

  2. Connect to the relevant database.

  3. Select the One Identity Manager Administration category.

  4. In the upper navigation pane, click the application role you want to assign to employees:

    • Application Governance | Administrators: Members of this application role create new applications and manage all applications in the Web Portal.

    • Application Governance | Owners: If this application role is assigned to an application as an owner application role, the members manage the application in the Web Portal.

    • Application Governance | Approvers: If this application role is assigned to an application as an approver application role, the members can approve requests for products of this application (if the BE - Approver of an application approval procedure is used).

  5. In the Tasks pane, select the Assign employees task.

  6. In the Add Assignments area, double-click the employees to whom you want to assign the application role.

  7. Click (Save).
