Account Management page configuration

The Identity Management (IdM) tool includes the Account Management page, which is used to change and update user profiles.

The Account Management page contains help desk features to manage user accounts, such as the following:

  • Username search to retrieve accounts

  • Add new user information (for example, mobile number and personal email address)

  • Update user information (for example, new home address and last name change)

  • Password reset

  • Account status options (for example, lock, unlock, disable, enable)

  • Update multi-factor authentication (MFA) information

  • Set PIN

  • Select knowledge-based questions (KBQs)

  • Reset device recognition information

  • Revoke devices and browsers provisioned for time-based passcode generation, push notifications, and push-to-accept login requests

Prerequisites

  • SecureAuth® Identity Platform release 22.02

  • Data store added to the Identity Platform

    • For Active Directory (AD) data stores, you must use the following settings:

      • Username attribute: samAccountName

      • Search Filter: samAccountName

  • Data store with service account write privileges to add and change user information

  • Configured user authentication policy

Data store limitations

Note the following issues for certain data stores on the Account Management page.

  • Azure AD cloud: Create user with group is not supported (you can still create a user without groups)

  • Azure AD cloud: Disable account is not supported

  • Oracle DB: Enabling, disabling, or deleting accounts is not supported

  • Active Directory cloud, LDAP, and NetIQ eDirectory: Lock and disable accounts are not supported

  • NetIQ eDirectory: A system error appears when updating the last name, even though the update works correctly

  • Active Directory, Azure AD cloud, Oracle DB, LDAP and NetIQ eDirectory: Using Reset All Registrations does not reset YubiKey.

    Workaround: Manually reset the YubiKey.

Step A: Add and configure Account Management page

Use the Internal Application Manager to add and configure the Account Management page.

  1. On the left side of the Identity Platform, click Internal Application Manager.

  2. Click Add New Internal Application.

    The New Internal Application page displays.

  3. Set the following configurations:

  4. Click Create Connection.

    This creates a new internal application with an attached user authentication policy from the new UI.

  5. Copy the login URL for your end users to access the Account Management page.

    You'll need this information to share with your end users.

    You can find this on the main Internal Application Manager page or when you edit the Account Management configuration in the Redirect Information section.


Step B: Finish configuration in the Classic Experience

Continue to the Classic Experience to finish the Account Management page configurations.

  1. To complete the Account Management page configuration in the Classic Experience, do one of the following:

    • At the top of the page, click the link in the green confirmation message.

    • At the bottom of the page, click the Go to the Classic Version... link.

    The link takes you to the Post Authentication tab in the Classic Experience.

  2. In the User ID Mapping section, set the type of User ID to assert on the Account Management page. This is usually the Authenticated User ID.

  3. In the Identity Management section, click the Configure help desk page link and make the following settings.

    <SecureAuth Field>

    For each field, set how the field is to display on the Account Management page. Choose from the following options:

    • Hide – Do not show the field on the Account Management page.

    • Show Enabled – Show and allow the end user to edit information in this field on the Account Management page.

    • Show Disabled – Show the field as disabled on the Account Management page.

    Password Reset

    Optional. To use the password reset function on the Account Management page, set to Show.

    Unlock User

    Optional. To use the unlock user function on the Account Management page, set to Show.

    The Unlock User function requires selection of the Lock user account after exceeding attempts option on the Multi-Factor Methods tab > Multi-Factor Throttling subsection.

    Enable / Disable User

    Optional. To use the enable and disable functions on the Account Management page, set to Show.

    Delete User

    Optional. To use the delete user function on the Account Management page, set to Show.

  4. Save your changes.