Step 4: Configuring the web application
NOTE: The web application to be used by WebAuthn must use the HTTPS secure communications protocol (see Using HTTPS).
To configure WebAuthn in web applications
- Start the Web Designer program.
- Connect to the relevant database.
- In the menu bar, click View > Start page.
- In the toolbar, click Select web application and select the web application you want to use.
- Click Edit web application settings.
- In the Edit web application settings dialog, in the Authentication module menu, click OAuth 2.0/OpenID Connect.
- In the OAuth pane, in the OAuth 2.0/OpenID Connect configuration menu, click the appropriate identity provider.
- Click OK.
- In the menu bar, click Edit > Configure project > Web project.
- In the Configure project view, configure the following configuration keys:
  - VI_Common_RequiresAccessControl: Set this parameter to enable two-factor authentication.
  - VI_Common_AccessControl_WebAuthn_2FA: Specify whether you want to enable WebAuthn two-factor authentication for the web application.
    You can configure WebAuthn two-factor authentication and security key management separately. If, for example, you only want to enable management of security keys in the web application, but not two-factor authentication with security keys, do not set this configuration key and set the VI_Common_AccessControl_WebAuthn_2FA_VisibleControls configuration key described below.
  - VI_Common_AccessControl_WebAuthn_2FA_VisibleControls: Specify whether users can manage security keys in the web application.
  - VI_Employee_QERWebAuthnKey_Filter: Specify which employees can manage security keys in the web application. If you do not enter anything here, all web application users can manage security keys (assuming the VI_Common_AccessControl_WebAuthn_2FA_VisibleControls configuration key is set).
  - VI_Common_AccessControl_WebAuthn_2FAID: Enter a unique identifier for the secondary authentication provider for WebAuthn two-factor authentication. You will find this identifier in your RSTS configuration.
    - In your Internet browser, call the URL of the RSTS administration interface: https://<Webanwendung>/RSTS/admin.
    - On the main page, click Authentication Providers.
    - On the Authentication Providers page, click the appropriate entry.
    - On the Edit page, switch to the Two Factor Authentication tab.
    - Take the ID from the Provider ID field.
Configuring the Application Governance Module
The Application Governance Module allows you to quickly and simply run the onboarding process for new applications from one place using one tool. An application created with the Application Governance Module combines all the permissions application users require for their regular work. You can assign entitlements and roles to your application and plan when they become available as service items (for example, in the Web Portal).
Configuring entitlements
To enable employees to view, create, and manage applications as well as approve requests for application products in the Web Portal, you must assign specific application roles to employees.
NOTE: Managing an application involves the following:
- Editing the application's main data and the assigned entitlements and roles
- Assigning entitlements and roles to the application
- Unassigning entitlements and roles from the application
- Deploying the application and associated entitlements and roles
- Undeploying the application and its associated permissions and roles
To assign an application role for application governance to employees
- Start the Manager program.
- Connect to the relevant database.
- Select the One Identity Manager Administration category.
- In the upper navigation pane, click the application role you want to assign to employees:
  - Application Governance | Administrators: Members of this application role create new applications and manage all applications in the Web Portal.
  - Application Governance | Owners: If this application role is assigned to an application as an owner application role, the members manage the application in the Web Portal.
  - Application Governance | Approvers: If this application role is assigned to an application as an approver application role, the members can approve requests for products of this application (if the BE - Approver of an application approval procedure is used).
- In the Tasks pane, select the Assign employees task.
- In the Add Assignments area, double-click the employees to whom you want to assign the application role.
- Click (Save).
Filling application hyperviews
In the Web Portal, an overview is available to users for each application in the form of a hyperview. The Fill application overview schedule collects all the data for this hyperview and fills it.
To start the schedule to populate the hyperview
- Start the Designer program.
- Connect to the relevant database.
- In the Designer, select the Base data > General > Schedules category.
- In the list, select the Fill application overview schedule.
- In the schedule's details pane, click Start.
- Confirm the security prompt with Yes.
To edit the schedule for filling the application's hyperview
- Start the Designer program.
- Connect to the relevant database.
- In the Designer, select the Base data > General > Schedules category.
- In the list, select the Fill application overview schedule.
- In the schedule's details pane, edit the schedule's main data.
  For more information about schedules and their properties, see the One Identity Manager Operational Guide.
- Select the Database > Commit to database menu item and click Save.