Account Management page configuration

The Identity Management (IdM) tool includes the Account Management page, which is used to change and update user profiles.

The Account Management page contains help desk features to manage user accounts, such as the following:

  • Username search to retrieve accounts

  • Add new user information (for example, mobile number and personal email address)

  • Update user information (for example, new home address and last name change)

  • Password reset

  • Account status options (for example, lock, unlock, disable, enable)

  • Update multi-factor authentication (MFA) information

  • Set PIN

  • Select knowledge-based questions (KBQs)

  • Reset device recognition information

  • Revoke devices and browsers provisioned for time-based passcode generation, push notifications, and push-to-accept login requests

Prerequisites

  • SecureAuth® Identity Platform release 21.04

  • Data store added to the Identity Platform

    • For Active Directory (AD) data stores, you must use the following settings:

      • Username attribute: samAccountName

      • Search Filter: samAccountName

  • Data store with service account write privileges to add and change user information

  • Configured user authentication policy

Data store limitations

Note the following issues for certain data stores on the Account Management page.

  • Azure AD cloud: Create user with group is not supported (you can still create a user without groups)

  • Azure AD cloud: Disable account is not supported

  • Oracle DB: Enabling, disabling, or deleting accounts is not supported

  • Active Directory cloud, LDAP, and NetIQ eDirectory: Lock and disable accounts are not supported

  • NetIQ eDirectory: System error appears when updating last name, even though it works correctly

  • Active Directory, Azure AD cloud, Oracle DB, LDAP and NetIQ eDirectory: Using Reset All Registrations does not reset YubiKey.

    Workaround: Manually reset the YubiKey.

Step A: Add and configure Account Management page

Use the Internal Application Manager to add and configure the Account Management page.

  1. On the left side of the Identity Platform, click Internal Application Manager.

    Screenshot of Internal Application Manager page.
  2. Click Add New Internal Application.

    The New Internal Application page displays.

    Screenshot of adding a new internal application.
  3. Set the following configurations.

    Internal Application Name

    Set the name of the Account Management page.

    This name is shown on the page header and document title of the end user login pages.

    Note

    If you change this name, it will overwrite any value that is set on the Overview tab in the Classic Experience.

    Internal Application Description

    This is an internal description not shown to end users.

    Data Store

    Enter the data store to authenticate and allow user access to the Account Management page.

    Groups

    Use one of the following options:

    • Slider in the On position (enabled): Allow users from every group in your selected data stores access to the Account Management page.

    • Slider in the Off position (disabled): Enter the specific groups that are allowed access to the Account Management page.

    Authentication Policy

    Select the user authentication policy for the Account Management page.

    Authenticate User Redirect

    Select the Identity Management (IdM) category.

    Identity Management (IdM)

    Select Account Management.

    Redirect To

    This field is automatically populated by the selection of Account Management as an internal application.

    This is the page the end user lands on after login.

  4. Click Create Connection.

    This creates a new internal application with an attached user authentication policy from the new UI.

  5. Copy the login URL for your end users to access the Account Management page.

    You need this URL to share with your end users.

    You can find this on the main Internal Application Manager page or when you edit the Account Management configuration in the Redirect Information section.

    Screenshot of the Internal Application Manager page highlighting the login URLs.
    Screenshot of internal application in edit mode, highlighting the login URL.

Step B: Finish configuration in the Classic Experience

Continue to the Classic Experience to finish the Account Management page configurations.

  1. To complete the Account Management page configuration in the Classic Experience, do one of the following:

    • At the top of the page, click the link in the green confirmation message.

    • At the bottom of the page, click the Go to the Classic Version... link.

    The link takes you to the Post Authentication tab in the Classic Experience.

  2. In the User ID Mapping section, set the type of User ID to assert on the Account Management page. This is usually the Authenticated User ID.

  3. In the Identity Management section, click the Configure help desk page link and make the following settings.

    <SecureAuth Field>

    For each field, set how the field is to display on the Account Management page. Choose from the following options:

    • Hide – Do not show the field on the Account Management page.

    • Show Enabled – Show and allow the end user to edit information in this field on the Account Management page.

    • Show Disabled – Show the field as disabled on the Account Management page.

    Password Reset

    Optional. To use the password reset function on the Account Management page, set to Show.

    Unlock User

    Optional. To use the unlock user function on the Account Management page, set to Show.

    The Unlock User function requires that the "Lock user account after exceeding attempts" option is selected in the Multi-Factor Throttling subsection of the Multi-Factor Methods tab.

    Enable / Disable User

    Optional. To use the enable and disable functions on the Account Management page, set to Show.

    Delete User

    Optional. To use the delete user function on the Account Management page, set to Show.

  4. Save your changes.