diff --git a/server_admin/topics/users.adoc b/server_admin/topics/users.adoc index 382af014dc..61127c6a2f 100644 --- a/server_admin/topics/users.adoc +++ b/server_admin/topics/users.adoc @@ -1,7 +1,7 @@ == Managing Users -From the administrator console, you have a wide range of actions you can perform to manage users. +From the Admin Console, you have a wide range of actions you can perform to manage users. include::users/proc-searching-user.adoc[leveloffset=+2] include::users/proc-creating-user.adoc[leveloffset=+2] @@ -13,15 +13,15 @@ include::users/proc-setting-password-user.adoc[leveloffset=+3] include::users/proc-creating-otp.adoc[leveloffset=+3] include::users/con-required-actions.adoc[leveloffset=+2] -include::proc-setting-required-actions.adoc[leveloffset=+3] -include::proc-setting-default-required-actions.adoc[leveloffset=+3] -include::proc-enabling-terms-conditions.adoc[leveloffset=+3] +include::users/proc-setting-required-actions.adoc[leveloffset=+3] +include::users/proc-setting-default-required-actions.adoc[leveloffset=+3] +include::users/proc-enabling-terms-conditions.adoc[leveloffset=+3] include::users/con-user-impersonation.adoc[leveloffset=+2] include::users/con-user-registration.adoc[leveloffset=+2] -include::proc-enabling-user-registration.adoc[leveloffset=3] -include::proc-registering-new-user.adoc[leveloffset=3] +include::users/proc-enabling-user-registration.adoc[leveloffset=3] +include::users/proc-registering-new-user.adoc[leveloffset=3] include::users/proc-enabling-recaptcha.adoc[leveloffset=+2] include::users/ref-personal-data-collected.adoc[leveloffset=+2] diff --git a/server_admin/topics/users/con-required-actions.adoc b/server_admin/topics/users/con-required-actions.adoc index c2fc432926..af59fa435d 100644 --- a/server_admin/topics/users/con-required-actions.adoc +++ b/server_admin/topics/users/con-required-actions.adoc 
@@ -5,9 +5,7 @@ [id="con-required-actions_{context}"] = Required Actions -You can set the actions that a user must perform at the first login. These actions are required after the user provides credentials. After the first login, these actions are no longer required. - -You can add required actions for each user in the *Details* tab of the admin console. +You can set the actions that a user must perform at the first login. These actions are required after the user provides credentials. After the first login, these actions are no longer required. You add required actions on the *Details* tab of that user. The following are examples of required action types: diff --git a/server_admin/topics/users/con-user-impersonation.adoc b/server_admin/topics/users/con-user-impersonation.adoc index 8544cbd25b..0e158dbe3e 100644 --- a/server_admin/topics/users/con-user-impersonation.adoc +++ b/server_admin/topics/users/con-user-impersonation.adoc @@ -12,7 +12,7 @@ Any user with the `impersonation` role in the realm can impersonate a user. image:{project_images}/user-details.png[] * If the administrator and the user are in the same realm, then the administrator will be logged out and automatically logged in as the user being impersonated. -* If the administrator and user are not in the same realm, the administrator will remain logged in, and additionally will be logged in as the user in that user's realm. +* If the administrator and user are in different realms, the administrator will remain logged in, and additionally will be logged in as the user in that user's realm. In both instances, the *User Account Management* page of the impersonated user is displayed. diff --git a/server_admin/topics/users/proc-creating-otp.adoc b/server_admin/topics/users/proc-creating-otp.adoc index ab387053a8..83cc8cb552 100644 --- a/server_admin/topics/users/proc-creating-otp.adoc +++ b/server_admin/topics/users/proc-creating-otp.adoc 
@@ -6,16 +6,17 @@ = Creating an OTP [role="_abstract"] -If OTP is conditional in your realm, the user must navigate to the *User Account Management* page to reconfigure a new OTP generator. If OTP is required, then the user must reconfigure a new OTP generator when logging in. You can use the following procedure if the user already has an OTP credential. +If OTP is conditional in your realm, the user must navigate to {project_name} Account Console to reconfigure a new OTP generator. If OTP is required, then the user must reconfigure a new OTP generator when logging in. -Alternatively, you can send an email to the user that requests the user reset the OTP generator. +Alternatively, you can send an email to the user that requests the user reset the OTP generator. The following procedure also applies if the user already has an OTP credential. .Prerequisite * You are logged in to the appropriate realm. .Procedure -. Click *Users* in the main menu. The user list page is displayed. +. Click *Users* in the main menu. The *Users* page is displayed. . Select a user. +. Click the *Credentials* tab. . Navigate to the *Reset Actions* list. . Click *Configure OTP*. -. Click *Send Email*. The sent email contains a link that directs the user to the OTP setup page. +. Click *Send Email*. The sent email contains a link that directs the user to the *OTP setup page*. diff --git a/server_admin/topics/users/proc-deleting-user.adoc b/server_admin/topics/users/proc-deleting-user.adoc index d0858ba053..dd1fd56990 100644 --- a/server_admin/topics/users/proc-deleting-user.adoc +++ b/server_admin/topics/users/proc-deleting-user.adoc @@ -9,7 +9,7 @@ You can delete a user, who no longer needs access to applications. If a user is .Procedure -. Click on *Users* in the menu. The user list page is displayed. +. Click *Users* in the menu. The *Users* page is displayed. . Click *View all users* to find a user to delete. + NOTE: Alternatively, you can use the search bar to find a user. 
diff --git a/server_admin/topics/users/proc-enabling-recaptcha.adoc b/server_admin/topics/users/proc-enabling-recaptcha.adoc index a16cf4f3cc..23706f5201 100644 --- a/server_admin/topics/users/proc-enabling-recaptcha.adoc +++ b/server_admin/topics/users/proc-enabling-recaptcha.adoc 
@@ -12,37 +12,39 @@ Once reCAPTCHA is enabled, you can edit `register.ftl` in your login theme to co .Procedure . Enter the following URL in a browser: ++ +[source,bash,subs=+attributes] ---- https://developers.google.com/recaptcha/ ---- + . Create an API key to get your reCAPTCHA site key and secret. Note the reCAPTCHA site key and secret for future use in this procedure. + NOTE: The localhost works by default. You do not have to specify a domain. + . Navigate to the {project_name} admin console. -. Click *Authentication* in the main menu. +. Click *Authentication* in the menu. . Click the *Flows* tab. . Select *Registration* from the drop down menu. . Set the *reCAPTCHA* requirement to *Required*. This enables reCAPTCHA. . Click *Actions* to the right of the reCAPTCHA flow entry. -. Click the *Config* link. The config page is displayed. +. Click the *Config* link. + .Recaptcha Config Page image:{project_images}/recaptcha-config.png[] -.. Enter the reCAPTCHA site key generated from the Google reCAPTCHA website on the config page. -.. Enter the secret generated from the Google reCAPTCHA website. -.. Authorize Google to use the registration page as an iframe. +.. Enter the *Recaptcha Site Key* generated from the Google reCAPTCHA website. +.. Enter the *Recaptcha Secret* generated from the Google reCAPTCHA website. +. Authorize Google to use the registration page as an iframe. + NOTE: In {project_name}, websites cannot include a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}. + -.. Click *Realm Settings* in the main menu. +.. Click *Realm Settings* in the menu. .. Click the *Security Defenses* tab. .. Enter `https://www.google.com` in the field for the *X-Frame-Options* header. .. Enter `https://www.google.com` in the field for the *Content-Security-Policy* header. 
- [role="_additional-resources"] .Additional resources * For more information on extending and creating themes, see the link:{developerguide_link}[{developerguide_name}]. diff --git a/server_admin/topics/users/proc-enabling-terms-conditions.adoc b/server_admin/topics/users/proc-enabling-terms-conditions.adoc index 3a459db517..24de8e055f 100644 --- a/server_admin/topics/users/proc-enabling-terms-conditions.adoc +++ b/server_admin/topics/users/proc-enabling-terms-conditions.adoc @@ -8,6 +8,7 @@ You can enable a required action that new users must accept the terms and conditions before logging in to {project_name} for the first time. .Procedure +. Click *Authentication* in the menu. . Click the *Required Actions* tab. . Enable the *Terms and Conditions* action. . Edit the `terms.ftl` file in the base login theme. diff --git a/server_admin/topics/users/proc-enabling-user-registration.adoc b/server_admin/topics/users/proc-enabling-user-registration.adoc index 745955d0ca..0cf727a20a 100644 --- a/server_admin/topics/users/proc-enabling-user-registration.adoc +++ b/server_admin/topics/users/proc-enabling-user-registration.adoc @@ -6,10 +6,12 @@ = Enabling user registration [role="_abstract"] -Enable users to self-register. After you enable this setting, a *Register* link is displayed on the login page of the admin console. +Enable users to self-register. .Procedure . Click *Realm Settings* in the main menu. . Click the *Login* tab. . Toggle *User Registration* to *ON*. . Click *Save*. + +After you enable this setting, a *Register* link displays on the login page of the Admin Console. \ No newline at end of file diff --git a/server_admin/topics/users/proc-registering-new-user.adoc b/server_admin/topics/users/proc-registering-new-user.adoc index 2f90141c8d..ddf2f6e1cb 100644 --- a/server_admin/topics/users/proc-registering-new-user.adoc +++ b/server_admin/topics/users/proc-registering-new-user.adoc 
@@ -6,7 +6,7 @@ = Registering as a new user [role="_abstract"] -As a new user, you must complete a registration form to log in for the first time. You must add profile information and a password to register. +As a new user, you must complete a registration form to log in for the first time. You add profile information and a password to register. .Registration Form image:{project_images}/registration-form.png[] diff --git a/server_admin/topics/users/proc-searching-user.adoc b/server_admin/topics/users/proc-searching-user.adoc index 99980c19ea..77b5deefad 100644 --- a/server_admin/topics/users/proc-searching-user.adoc +++ b/server_admin/topics/users/proc-searching-user.adoc @@ -11,8 +11,8 @@ Search for a user to view detailed information about the user, such as the user' * You are in the realm where the user exists. .Procedure -. Click *Users* in the main menu. This opens the user list page. -. Type the full name, last name, first name, or email address of the user you want to search for in the search box. The search returns all users that match your criteria. +. Click *Users* in the main menu. This *Users* page is displayed. +. Type the full name, last name, first name, or email address of the user you want to search for in the search box. The search returns all users who match your criteria. . Alternatively, you can click *View all users* to list every user in the system. + NOTE: This action searches only the local {project_name} database and not the federated database, such as LDAP. The backends for federated databases do not have a pagination mechanism that enables searching for users. diff --git a/server_admin/topics/users/proc-setting-default-required-actions.adoc b/server_admin/topics/users/proc-setting-default-required-actions.adoc index 4f84dde1d9..25ef23b947 100644 --- a/server_admin/topics/users/proc-setting-default-required-actions.adoc +++ b/server_admin/topics/users/proc-setting-default-required-actions.adoc 
@@ -3,20 +3,12 @@ // con-required-actions.adoc [id="proc-setting-default-required-actions_{context}"] -= Setting default required actions += Setting required actions for all users -You can specify what actions are required before the first login of any new user. The default required actions can be modified after a user is created. - -You can set default required actions in two ways. You -can use the user registration link or the *Required Actions* tab. +You can specify what actions are required before the first login of all new users. The requirements apply to a user created by the *Add User* button on the *Users* page or the *Register* link on the login page. .Procedure -.Using the user registration link -. Click the *User Registration* link on the login page. -. Specify the default required actions. - -.Using the Required Actions tab . Click *Authentication* in the menu. . Click the *Required Actions* tab. . Click the checkbox in the *Default Action* column for one or more required actions. When a new user logs in for the first time, the selected actions must be executed. \ No newline at end of file diff --git a/server_admin/topics/users/proc-setting-password-user.adoc b/server_admin/topics/users/proc-setting-password-user.adoc index b630d8226b..5b327758e2 100644 --- a/server_admin/topics/users/proc-setting-password-user.adoc +++ b/server_admin/topics/users/proc-setting-password-user.adoc 
@@ -11,15 +11,16 @@ If a user does not have a password, or if the password has been deleted, the *Se If a user already has a password, it can be reset in the *Reset Password* section. .Procedure -. Click *Users* in the menu. The user list page is displayed. +. Click *Users* in the menu. The *Users* page is displayed. . Select a user. -. Type a new password, in the *Set Password* section. +. Click the *Credentials* tab. +. Type a new password in the *Set Password* section. . Click *Set Password*. + NOTE: If *Temporary* is set to *ON*, the user must change the password at the first login. To allow users to keep the password supplied, set *Temporary* to *OFF.* The user must click *Set Password* to change the password. + . Alternatively, you can send an email to the user that requests the user reset the password. -.. Navigate to the *Reset Actions* list. -.. Click *Update Password* from the list. +.. Navigate to the *Reset Actions* list under *Credential Reset*. +.. Select *Update Password* from the list. .. Click *Send Email*. The sent email contains a link that directs the user to the *Update Password* window. -.. Optionally, you can set the validity of the email link. This is set to the default preset in the *Tokens* tab, in the realm settings. +.. Optionally, you can set the validity of the email link. This is set to the default preset in the *Tokens* tab in *Realm Settings*. diff --git a/server_admin/topics/users/proc-setting-required-actions.adoc b/server_admin/topics/users/proc-setting-required-actions.adoc index 610a1e7500..f124693a2a 100644 --- a/server_admin/topics/users/proc-setting-required-actions.adoc +++ b/server_admin/topics/users/proc-setting-required-actions.adoc @@ -3,7 +3,7 @@ // con-required-actions.adoc [id="proc-setting-required-actions_{context}"] -= Setting required actions += Setting required actions for one user You can set the actions that are required for any user.
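Review bot: In server_admin/topics/users.adoc, the two corrected includes under con-user-registration still carry `leveloffset=3` without the plus sign (`include::users/proc-enabling-user-registration.adoc[leveloffset=3]` and `include::users/proc-registering-new-user.adoc[leveloffset=3]`), while every other include in the file uses a relative offset. Since these lines are already being touched for the path fix, change both to `leveloffset=+3` so they nest under the `+2` concept include the same way the required-actions procedures do.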
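Review bot: In proc-creating-otp.adoc, the new abstract sentence reads "the user must navigate to {project_name} Account Console", which is missing the article; write "navigate to the {project_name} Account Console". The rename is also only partial: the context line in con-user-impersonation.adoc in this same patch still says the *User Account Management* page, so either update that topic too or keep one name for the page across both files.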
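Review bot: In proc-enabling-recaptcha.adoc, the last two sub-steps still tell the reader to enter the bare origin `https://www.google.com` into both the *X-Frame-Options* and *Content-Security-Policy* fields, and a bare origin is not a complete value for either header: X-Frame-Options takes a keyword (`DENY`, `SAMEORIGIN`, or the obsolete `ALLOW-FROM` followed by an origin) and a Content-Security-Policy value needs a directive in front of the source. Since the NOTE above these steps says the headers are the clickjacking defence, spell out the full value to enter and say whether it replaces or extends the default. Separately, the added `[source,bash,subs=+attributes]` marks a plain URL as bash and the URL contains no attributes; a plain literal block or a link would fit better, and "Navigate to the {project_name} admin console." should pick up the "Admin Console" capitalization introduced in users.adoc.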
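Review bot: In proc-enabling-user-registration.adoc, the sentence moved to the end of the file is now the last line with no trailing newline (`\ No newline at end of file`), and users.adoc includes this file on the line directly before `include::users/proc-registering-new-user.adoc[leveloffset=3]`; end the file with a newline so the closing paragraph stays separated from whatever is included next. The first step also still says "in the main menu" while other procedures in this patch were changed to "in the menu".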
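Review bot: In proc-searching-user.adoc, the rewritten first step says "This *Users* page is displayed."; it should read "The *Users* page is displayed." to match the same step in proc-creating-otp.adoc, proc-deleting-user.adoc and proc-setting-password-user.adoc.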
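Review bot: In proc-setting-default-required-actions.adoc, the new title "Setting required actions for all users" overstates what the body describes, which is "all new users" created through *Add User* or the *Register* link, with the last step saying the actions run "When a new user logs in for the first time". Consider "Setting required actions for all new users", and note that the anchor is still `proc-setting-default-required-actions_{context}`, so the id and the title no longer match. The file also ends without a trailing newline.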
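Review bot: In proc-setting-password-user.adoc, the sub-step now reads "Navigate to the *Reset Actions* list under *Credential Reset*", but the matching step in proc-creating-otp.adoc in this patch is left as "Navigate to the *Reset Actions* list." Both procedures gain the *Credentials* tab step and use the same list, so use the same wording in both. The context NOTE also has the period inside the bold markup in `*OFF.*`; move it outside.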
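Review bot: In proc-setting-required-actions.adoc, the title becomes "Setting required actions for one user" but the sentence directly under it still says "You can set the actions that are required for any user.", which reads like the all-users procedure. Reword the sentence to say the actions apply to the selected user so the two procedures are clearly distinguished.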