Help Desk user verification configuration
The Identity Management (IdM) tool has a user verification feature in the Help Desk. As a Help Desk person, when a user contacts the Help Desk in your organization, you can send an authentication request to validate that user.
This topic covers how to configure the Account Management (Help Desk) page for user verification.
Use cases
Here are some use case examples about the user verification feature in Help Desk.
Use case 1: Send one-time passcode (OTP) to verify user
An employee named Joe, contacts the Help Desk in your organization to reset their password.
As a Help Desk person, you send a one-time passcode (OTP) via SMS to Joe's mobile phone on the account.
Joe repeats the SMS code back to you as a verification method.
As a Help Desk person, you can then proceed with the password reset for Joe.
Use case 2: Send a push notification to verify user
An employee named Mary, contacts the Help Desk in your organization to reset their password.
As a Help Desk person, you send a one-time push notification to the Authenticate app on Mary's mobile phone.
Mary taps and approves the authentication request in the Authenticate app.
As a Help Desk person, you receive an indicator on the Help Desk page that Mary's account is verified. You can then proceed with the password reset for Mary.
Prerequisites
SecureAuth® Identity Platform release 23.07 or later
Data store added to the Identity Platform.
Data store must have a service account set with write privileges to modify. This is needed to change user account status.
Configured user authentication policy
Configure Account Management (Help Desk) page
In this section, you'll configure the Account Management (Help Desk) page to enable the user verification feature.
If you do not have an Account Management (Help Desk) page set up, see Account Management (Help Desk) page configuration.
Otherwise, to quickly get to this configuration, do the following:
In the Internal Application Manager, edit the Account Management (Help Desk) page.
Scroll to the bottom of the page and click the Go to Advanced Settings to finish the configuration for this application link.
in the Identity Management section, click the Configure help desk page link.
On the Help Desk page, scroll down to the bottom of the page and set the User Verification to Show.
Top of page
Bottom of page
Set the related configuration settings for the Help Desk page as needed.
<SecureAuth Field>
For each field, set how the field is to display on the Help Desk page. Choose from the following options:
Hide – Do not show the field on the Help Desk page.
Show Enabled – Show and allow the Help Desk user to edit information in this field on the Account Management page.
Show Disabled – Show the field as disabled on the Help Desk page.
Password Reset
Optional. To use the password reset function on the Account Management page, set to Show.
Unlock User
Optional. To use the unlock user function on the Help Desk page, set to Show.
The Unlock User function requires selection of the Lock user account after exceeding attempts option on the Multi-Factor Methods tab > Multi-Factor Throttling subsection.
Enable / Disable User
Optional. To use the enable and disable functions on the Help Desk page, set to Show.
In the MFA Verification column, select the check boxes for the MFA methods to which you can send a verification request.
For example, to send an SMS verification request to the user's mobile device, select Phone 1.
Top of page
Bottom of page
You can select any one or more MFA methods. If the user has profile data or an enrolled device, it will show up in the list of available MFA methods to the Help Desk user. In general, when the Help Desk user activates the user verification process, the following can apply:
Phone – If the user has at least one phone number in their profile, SMS will show as an MFA verification option. As a Help Desk user, you can send a SMS OTP or SMS login request to the user's mobile device for user verification.
Email – If the user has at least one email in their profile, Email will show as an MFA verification option. As a Help Desk user, you can send an Email OTP or Email login request to the user's email for user verification.
OATH OTP – If the user has at least one mobile device set up in their profile, OATH OTP will show as an MFA verification option. As a Help Desk user, you can send an push notification to the Authenticate app on their mobile device for user verification.
Save your changes.
Next, learn more about the Help Desk user verification process.