立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Web Designer Web Application Configuration Guide

About this guide Configuring the Web Portal Configuring self-registration of new users Configuring the Password Reset Portal WebAuthn security keys Configuring the Application Governance Module Recommendations for secure operation of web applications

Setting a central password

The central password is set separately from other password to prevent problems.

Once at least one of the logged in user's passwords is managed by the central password, two options are provided after authentication.

  1. Setting the central password
  2. Setting one or more passwords

If setting one or more passwords, it is possible to set a password managed by the central password. If you want to prevent this, you can exclude the password from being reset.

For more information, see Excluding passwords from being reset.

Configuring checks for all passwords

Once a user has changed their central password and the user account is linked to other target system accounts, the password can be checked against all the password policies of the connected target systems.

To configure checks for all passwords

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Set the QER | Person | UseCentralPassword | CheckAllPolicies configuration parameter.

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

Setting up a new application token

You can set a new application token using WebDesigner.ConfigFileEditor.exe.

To set a new application token

  1. In the One Identity Manager installation directory, start WebDesigner.ConfigFileEditor.exe.
  2. Ensure that QER_PasswordWeb is set as the web project.
  3. Click next to Application token exists.

Configuring Password Reset Portal login using target system user accounts

By default, it is only possible to log in to the Password Reset Portal using password questions or a passcode if you use a central user account. You can configure the Password Reset Portal's authentication module such that log in with the help of password questions or a passcode is also possible using a target system user account (Active Directory user accounts, for example). To do this, enter database tables and columns containing the user names of user accounts that are permitted to log in to the Password Reset Portal. For more information the about Password Reset Portal's authentication module, see the One Identity Manager Authorization and Authentication Guide.

To configure login using target system user accounts

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Set and configure the following configuration parameters:

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

    • QER | Person | PasswordResetAuthenticator | SearchTable: Enter the name of the database table containing the use names of the user accounts permitted to log in to the Password Reset Portal.
      When a user tries to log in to the Password Reset Portal, this table and the column given under SearchColumn are searched for the user names permitted for use.

      Example: ADSAccount

      NOTE: This database table must have a foreign key named UID_Person that references the Person table. This is required to match the user names to the One Identity Manager user accounts.

    • QER | Person | PasswordResetAuthenticator | SearchColumn: Enter the name of the table column containing the use names of the user accounts permitted to log in to the Password Reset Portal.
      When a user tries to log in to the Password Reset Portal, this column and the table given under SearchTable are searched for the user names permitted for use.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: CN|SamAccountName

    • QER | Person | PasswordResetAuthenticator | DisabledBy: (Optional) Enter the name of the Boolean table column that specifies whether a user account is locked. User accounts that are marked as locked (column value: true) cannot log in to the Password Reset Portal.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: Locked|Disabled

    • QER | Person | PasswordResetAuthenticator | EnabledBy: (Optional) Enter the name of the Boolean table column that specifies whether a user account is enabled. User accounts that are marked as disabled (column value: false) cannot log in to the Password Reset Portal.

      TIP: To enter more than one column, delimit them with the pipe character (|).

      Example: Active|Enabled

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级