Skip to main content

Account Management (Help Desk) page configuration

The Identity Management (IdM) tool contains the Account Management (Help Desk) page function to manage user profiles.

The Account Management page, contains help desk features to manage user accounts like the following:

  • Username search to retrieve accounts

  • Add new user information (for example, mobile number and personal email address)

  • Update user information (for example, new home address and last name change)

  • Password reset

  • Account status options (for example, lock, unlock, disable, enable)

  • Update multi-factor authentication (MFA) information

  • Set PIN

  • Reset device recognition information

  • Revoke devices and browsers provisioned for time-based passcode generation, push notifications, and push-to-accept login requests

Prerequisites

  • SecureAuth® Identity Platform release 22.02 or later

  • Data store added to the Identity Platform

    • For Active Directory (AD) data stores, you must use the following settings:

      • Username attribute: samAccountName

      • Search Filter: samAccountName

  • Data store with service account write privileges to add and change user information

  • Configured user authentication policy

Data store limitations

Note the following issues for certain data stores on the Account Management (Help Desk) page.

  • Microsoft Entra ID (formerly Azure AD) cloud: Create user with group is not supported (you can still create a user without groups)

  • Microsoft Entra ID (formerly Azure AD) cloud: Disable account is not supported

  • Oracle DB: Enable, disable, or delete accounts not supported

  • Active Directory cloud, LDAP, and NetIQ eDirectory: Lock and disable accounts are not supported

  • NetIQ eDirectory: System error appears when updating last name, even though it works correctly

  • Active Directory, Microsoft Entra ID (formerly Azure AD) cloud, Oracle DB, LDAP and NetIQ eDirectory: Using Reset All Registrations does not reset YubiKey.

    Workaround: Manually reset YubiKey

Step A: Add and configure Account Management (Help Desk) page

Use the Internal Application Manager to add and configure the Account Management (Help Desk) page.

  1. On the left side of the Identity Platform, click Internal Application Manager.

    Screenshot of Internal Application Manager page.
  2. Click Add New Internal Application.

    The New Internal Application page displays.

    new_internal_app_2202.png
  3. Set the following configurations:

    Internal Application Name

    Set the name of the Account Management (Help Desk) page.

    This name is shown on the page header and document title of the end user login pages.

    Note

    If you change this name, it will overwrite any value that is set on the Overview tab in the Advanced Settings.

    Internal Application Description

    This is an internal description not shown to end users.

    Data Store

    Enter the data store to authenticate and allow user access to the Account Management (Help Desk) page.

    Groups

    Use one of the following options:

    • Slider in the On position (enabled): Allow users from every group in your selected data stores access to the Account Management (Help Desk) page.

    • Slider in the Off position (disabled): Enter the specific groups who are allowed access to the Account Management (Help Desk) page.

    Authentication Policy

    Select the user authentication policy for the Account Management (Help Desk) page.

    Realm Number

    Select the Realm Number to use for this application.

    Authenticate User Redirect

    Select the Identity Management (IdM) category.

    Identity Management (IdM)

    Select Account Management.

    Redirect To

    This field is automatically populated by the selection of Account Management as an internal application.

    This is the page the end user lands on after login.

  4. Click Create Connection.

    This creates a new internal application with an attached user authentication policy from the New Experience.

    internal_app_mgr_003_accountmanager.png
  5. Copy the login URL for your end users to access the Account Management (Help Desk) page.

    You'll need this information to share with your end users.

    You can find this on the main Internal Application Manager page or when you edit the Account Management configuration in the Redirect Information section.

    int_app_mgr_login_url_2202.png
    int_app_mgr_pw_reset_url2202.png

Step B: Finish configuration in Advanced Settings

Continue to Advanced Settings (formerly Classic Experience) to finish the Account Management page configurations.

  1. To complete the Account Management (Help Desk) page configuration in Advanced Settings, do one of the following:

    • At the top of the page, click the link in the green confirmation message.

    • At the bottom of the page, click Go to the Advanced Settings... link.

    The link takes you to the Post Authentication tab in Advanced Settings.

  2. In the User ID Mapping section, set the type of User ID to assert on the Account Management (Help Desk) page. This is usually the Authenticated User ID.

    internal_app_mgr_userIDmapping.png
  3. In the Identity Management section, click the Configure help desk page link.

    help_desk_user_verification_001.png
  4. For the Help Desk page, set the configuration settings as needed.

    <SecureAuth Field>

    For each field, set how the field is to display on the Account Management (Help Desk) page. Choose from the following options:

    • Hide – Do not show the field on the Account Management (Help Desk) page.

    • Show Enabled – Show and allow the end user to edit information in this field on the Account Management (Help Desk) page.

    • Show Disabled – Show the field as disabled on the Account Management page.

    Password Reset

    Optional. To use the password reset function on the Account Management (Help Desk) page, set to Show.

    Unlock User

    Optional. To use the unlock user function on the Account Management (Help Desk) page, set to Show.

    The Unlock User function requires selection of the Lock user account after exceeding attempts option on the Multi-Factor Methods tab > Multi-Factor Throttling subsection.

    Enable / Disable User

    Optional. To use the enable and disable functions on the Account Management (Help Desk) page, set to Show.

    Delete User

    Optional. To use the delete user function on the Account Management (Help Desk) page, set to Show.

    idm_helpdesk_top.png

    Top of page

    idm_helpdesk_bottom.png

    Bottom of page

  5. Save your changes.