keycloak-scim/server_admin/topics/account.adoc

151 lines
4.8 KiB
Text
Raw Normal View History

2016-05-27 18:52:34 +00:00
[[_account-service]]
== Account Console
2016-05-27 18:52:34 +00:00
{project_name} users can manage their accounts through the Account Console. Users can manage their profiles, add two-factor authentication, include identity provider acounts, and manage device activity.
2016-05-27 18:52:34 +00:00
[role="_additional-resources"]
.Additional resources
2016-05-27 18:52:34 +00:00
* The Account Console is completely themeable and internationalizable as is the case with all {project_name} user interfaces. For example, you can add attributes to the *Personal Info* page. For more details, see the link:{developerguide_link}[{developerguide_name}].
2016-05-27 18:52:34 +00:00
=== Accessing the Account Console
2016-05-27 18:52:34 +00:00
Any user can access the Account Console.
2016-05-27 18:52:34 +00:00
.Procedure
2016-05-27 18:52:34 +00:00
. Make note of the realm name and IP address for the {project_name} server where your account exists.
2016-05-27 18:52:34 +00:00
. In a web browser, enter a URL in this format: `<server-root>{kc_realms_path}/{realm-name}/account`.
2016-05-27 18:52:34 +00:00
. Enter your login name and password.
2016-05-27 18:52:34 +00:00
.Account Console
image:images/account-console-intro.png[Account Console]
2016-05-27 18:52:34 +00:00
=== Configuring ways to sign in
2016-05-27 18:52:34 +00:00
You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures.
==== Two-factor authentication with OTP
2016-05-27 18:52:34 +00:00
.Prerequisites
* OTP is a valid authentication mechanism for your realm.
.Procedure
. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set Up Authenticator Application*.
+
.Signing In
image:images/account-console-signing-in.png[Signing In]
. Follow the directions that appear on the screen to use either
https://freeotp.github.io/[FreeOTP] or https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2[Google Authenticator] on your mobile device as your OTP generator.
. Scan the QR code in the screen shot into the OTP generator on your mobile device.
. Log out and log in again.
. Respond to the prompt by entering an OTP that is provided on your mobile device.
==== Two-factor authentication with WebAuthn
.Prerequisites
* WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the xref:webauthn_{context}[WebAuthn] section for more details.
.Procedure
. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up Security Key*.
+
.Signing In
image:images/account-console-signing-in-webauthn-2factor.png[Signing In With Security Key]
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your security key.
. Log out and log in again.
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor.
==== Passwordless authentication with WebAuthn
.Prerequisites
* WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details.
.Procedure
. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up Security Key* in the *Passwordless* section.
+
.Signing In
image:images/account-console-signing-in-webauthn-passwordless.png[Signing In With Security Key]
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your security key.
. Log out and log in again.
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor. You no longer need to provide your password to log in.
=== Viewing device activity
You can view the devices that are logged in to your account.
.Procedure
. Click *Account Security* in the menu.
2021-02-19 19:10:41 +00:00
. Click *Device Activity*.
. Log out a device if it looks suspicious.
.Devices
image:images/account-console-device.png[Devices]
2016-05-27 18:52:34 +00:00
=== Adding an identity provider acccount
2016-05-27 18:52:34 +00:00
You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts.
.Procedure
. Log into the Admin Console.
. Click *Identity Providers* in the menu.
. Click *Add provider*.
. Select a provider and complete the fields.
. Return to the Account Console.
. Click *Account Security* in the menu.
2021-02-19 19:10:41 +00:00
. Click *Linked Accounts*.
The identity provider you added appears in this page.
.Linked Accounts
image:images/account-console-linked.png[Linked Accounts]
=== Accessing other applications
The *Applications* menu item shows users which applications you can access. In this case, only the Account Console is available.
.Applications
image:images/account-console-applications.png[Applications]