
Identity Manager 9.2.1 - Web Application Configuration Guide


Configuring Content Security Policy

Content Security Policy (CSP) lets you effectively prevent cross-site scripting and other attacks that aim to inject data into your web applications. You can adjust the CSP settings at any time.

Required configuration keys:

  • Content security policy for HTML applications (ContentSecurityPolicy): Specifies which settings are transferred to the Content Security Policy header and therefore apply to the CSP.

To configure CSP for all web applications

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project menu, select the API Server API project.

  4. Expand the Content security policy for HTML applications configuration parameter.

  5. In the Value field, enter which settings are to be transferred to the Content Security Policy header and therefore apply to the CSP.

  6. Click Apply.

  7. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  8. Click Apply.

Configuring the logo

You can define which logo to use in the web application. The logo is displayed on the login page and in the web application's header. If you do not define a logo, the One Identity company logo is used.

Required configuration key:

  • Company logo (CompanyLogoUrl): URL where you will find the image file for the company logo.

To configure the logo

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project menu, select the API Server API project.

  4. Expand the Company logo configuration key.

  5. In the Value field, enter the logo's URL. Enter the URL in one of the following formats:

    • https://www.example.com/logos/company-logo.png

    • http://www.example.com/logos/company-logo.png

    • /logos/company-logo.png (relative to the API Server's base directory)

    TIP: If the logo does not appear, check the configuration of the Content Security Policy using the Content security policy for HTML applications configuration key in the API project API Server (see Configuring Content Security Policy).

  6. Click Apply.

  7. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  8. Click Apply.
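
The TIP in step 5 and the Configuring Content Security Policy section interact: a logo is only displayed if the policy's img-src directive (or default-src as the fallback) permits the logo's URL. The following added example, which is not part of the original guide or One Identity code, checks the three URL formats above against a candidate policy value; the policy, the application URL, and the function names are assumptions made for illustration.

```javascript
// Added example (not vendor code). Simplified CSP source matching: handles
// 'self', 'none', *, scheme sources and host sources; ignores source paths
// and does not normalise explicitly written default ports.

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// An http source also covers https; nothing else crosses schemes.
const schemeOk = (want, got) => want === got || (want === 'http:' && got === 'https:');

function sourceMatches(source, url, app) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === app.origin;
  if (s.startsWith("'")) return false; // 'none' and other keywords never match a URL
  if (s === '*') return ['http:', 'https:'].includes(url.protocol); // not data:, blob:
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, url.protocol);
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, host, port] = m;
  if (!schemeOk(scheme ? scheme + ':' : app.protocol, url.protocol)) return false;
  const hostOk = host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) // subdomains only, not the bare domain
    : url.hostname === host;
  return hostOk && (port === '*' || (port ?? '') === url.port);
}

function logoAllowed(policy, logoUrl, appUrl) {
  const app = new URL(appUrl);
  const logo = new URL(logoUrl, app); // resolves the relative format as well
  const directives = parseCsp(policy);
  // img-src governs images; default-src is the fallback when img-src is absent.
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // no governing directive, no restriction
  return sources.some((src) => sourceMatches(src, logo, app));
}

// Constructed sample values: the policy and the application URL are assumptions.
const APP_URL = 'https://idm.example.net/ApiServer/';
const POLICY = "default-src 'self'; img-src 'self' https://www.example.com";
for (const logo of ['https://www.example.com/logos/company-logo.png',
  'http://www.example.com/logos/company-logo.png', '/logos/company-logo.png']) {
  console.log(logo, '->', logoAllowed(POLICY, logo, APP_URL) ? 'allowed' : 'blocked');
}
```

With this sample policy, the https and relative formats are allowed and the http format is blocked, because the only external source listed is https.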

Configuring the user interface language

You can specify which language setting web applications use for the user interface.

Required configuration key:

  • Use language from profile settings as interface language (UseProfileCulture): Specifies whether the interface language uses the language selected in the user's profile setting or the browser's language.

To configure the user interface language

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project menu, select the API project whose interface language you want to configure.

  4. Expand the Show configuration for the following API project configuration key.

  5. Perform one of the following tasks:

    • To use the language set in the user's profile as the interface language, select the check box.

    • To use the user's browser language as the user interface language, clear the check box.

  6. Click Apply.

  7. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  8. Click Apply.

Configuring self-registration of new users

In the Password Reset Portal, users who are not yet registered have the option to register themselves and create new user accounts. Users who self-register receive a verification email with a link to a verification page. On this page, users can complete registration themselves and then set their initial login password.

NOTE: To use this functionality, new users must supply an email address, otherwise the verification email cannot be sent.

NOTE: For more information about self-registration of new users and associated attestation process, see the One Identity Manager Attestation Administration Guide.

NOTE: For more information about how users register themselves or create a new user account, see the One Identity Manager Web Portal User Guide.

To configure self-registration

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Configure the following configuration parameters:

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

    • QER | WebPortal | PasswordResetURL: Specify the Password Reset Portal's web address. This URL is used, for example, in the email notification to new users.

    • QER | Attestation | MailTemplateIdents | NewExternalUserVerification:

      By default, the verification message and link are sent with the Attestation - new external user verification link mail template.

      To use another template for this notification, change the value in the configuration parameter.

      TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.

    • QER | Attestation | ApproveNewExternalUsers: Specify whether self-registered users must be attested before they are activated. A manager then decides whether to approve the new user's registration.

    • QER | Attestation | NewExternalUserTimeoutInHours: For new self-registered users, specify the duration of the verification link in hours.

    • QER | Attestation | NewExternalUserFinalTimeoutInHours: Specify the duration in hours, within which self-registration must be successfully completed.

  4. Assign at least one identity to the Identity & Access Governance | Attestation | Attestor for external users application role.

  5. Ensure that an application token exists. You set the application token when installing the API server with the Web Installer. For more information, see the One Identity Manager Installation Guide.

    The application token is saved as a hash value in the database in the QER | Person | PasswordResetAuthenticator | ApplicationToken configuration parameter and stored encrypted in the web.config file of the API Server.

  6. Ensure that a user is configured that can be used to create the new user accounts. You can set up the user and authentication data when the API Server is installed using the Web Installer or adjust them later. For more information, see the One Identity Manager Installation Guide.

    NOTE: It is recommended to use the IdentityRegistration system user. The IdentityRegistration system user has the specified permissions required for self-registration of new users in the Password Reset Portal. If you require a custom system user, ensure that it has the necessary permissions. For more information about system users and permissions, see the One Identity Manager Authorization and Authentication Guide.
