Account Management (Help Desk) page configuration
The Identity Management (IdM) tool contains the Account Management (Help Desk) page function to change and update user profiles.
The Account Management page, contains help desk features to manage user accounts like the following:
Username search to retrieve accounts
Add new user information (for example, mobile number and personal email address)
Update user information (for example, new home address and last name change)
Password reset
Account status options (for example, lock, unlock, disable, enable)
Update multi-factor authentication (MFA) information
Set PIN
Select knowledge-based questions (KBQs)
Reset device recognition information
Revoke devices and browsers provisioned for time-based passcode generation, push notifications, and push-to-accept login requests
Prerequisites
SecureAuth® Identity Platform release 21.04
Data store added to the Identity Platform
For Active Directory (AD) data stores, you must use the following settings:
Username attribute: samAccountName
Search Filter: samAccountName
Data store with service account write privileges to add and change user information
Configured user authentication policy
Data store limitations
Note the following issues for certain data stores on the Account Management (Help Desk) page.
Microsoft Entra ID (formerly Azure AD) cloud: Create user with group is not supported (you can still create a user without groups)
Microsoft Entra ID (formerly Azure AD) cloud: Disable account is not supported
Oracle DB: Enable, disable, or delete accounts not supported
Active Directory cloud, LDAP, and NetIQ eDirectory: Lock and disable accounts are not supported
NetIQ eDirectory: System error appears when updating last name, even though it works correctly
Active Directory, Microsoft Entra ID (formerly Azure AD) cloud, Oracle DB, LDAP and NetIQ eDirectory: Using Reset All Registrations does not reset YubiKey.
Workaround: Manually reset YubiKey
Step A: Add and configure Account Management (Help Desk) page
Use the Internal Application Manager to add and configure the Account Management (Help Desk) page.
On the left side of the Identity Platform, click Internal Application Manager.
Click Add New Internal Application.
The New Internal Application page displays.
Set the following configurations:
Internal Application Name
Set the name of the Account Management (Help Desk) page.
This name is shown on the page header and document title of the end user login pages.
Note
If you change this name, it will overwrite any value that is set on the Overview tab in the Advanced Settings.
Internal Application Description
This is an internal description not shown to end users.
Data Store
Enter the data store to authenticate and allow user access to the Account Management (Help Desk) page.
Groups
Use one of the following options:
Slider in the On position (enabled): Allow users from every group in your selected data stores access to the Account Management (Help Desk) page.
Slider in the Off position (disabled): Enter the specific groups who are allowed access to the Account Management (Help Desk) page.
Authentication Policy
Select the user authentication policy for the Account Management (Help Desk) page.
Authenticate User Redirect
Select the Identity Management (IdM) category.
Identity Management (IdM)
Select Account Management.
Redirect To
This field is automatically populated by the selection of Account Management as an internal application.
This is the page the end user lands on after login.
Click Create Connection.
This creates a new internal application with an attached user authentication policy from the New Experience.
Copy the login URL for your end users to access the Account Management (Help Desk) page.
You'll need this information to share with your end users.
You can find this on the main Internal Application Manager page or when you edit the Account Management configuration in the Redirect Information section.
Step B: Finish configuration in Advanced Settings
Continue to Advanced Settings (formerly Classic Experience) to finish the Account Management page configurations.
To complete the Account Management (Help Desk) page configuration in Advanced Settings, do one of the following:
At the top of the page, click the link in the green confirmation message.
At the bottom of the page, click Go to the Advanced Settings... link.
The link takes you to the Post Authentication tab in Advanced Settings.
In the User ID Mapping section, set the type of User ID to assert on the Account Management (Help Desk) page. This is usually the Authenticated User ID.
In the Identity Management section, click the Configure help desk page link.
For the Help Desk page, set the configuration settings as needed.
<SecureAuth Field>
For each field, set how the field is to display on the Account Management (Help Desk) page. Choose from the following options:
Hide – Do not show the field on the Account Management (Help Desk) page.
Show Enabled – Show and allow the end user to edit information in this field on the Account Management (Help Desk) page.
Show Disabled – Show the field as disabled on the Account Management page.
Password Reset
Optional. To use the password reset function on the Account Management (Help Desk) page, set to Show.
Unlock User
Optional. To use the unlock user function on the Account Management (Help Desk) page, set to Show.
The Unlock User function requires selection of the Lock user account after exceeding attempts option on the Multi-Factor Methods tab > Multi-Factor Throttling subsection.
Enable / Disable User
Optional. To use the enable and disable functions on the Account Management (Help Desk) page, set to Show.
Delete User
Optional. To use the delete user function on the Account Management (Help Desk) page, set to Show.
Save your changes.