minor formatting changes and technical corrections

This commit is contained in:
Andy Munro 2020-11-25 17:53:05 -05:00 committed by Marek Posolda
parent fef494fc30
commit af2eea4940
13 changed files with 39 additions and 42 deletions

View file

@ -1,7 +1,7 @@
== Managing Users == Managing Users
From the administrator console, you have a wide range of actions you can perform to manage users. From the Admin Console, you have a wide range of actions you can perform to manage users.
include::users/proc-searching-user.adoc[leveloffset=+2] include::users/proc-searching-user.adoc[leveloffset=+2]
include::users/proc-creating-user.adoc[leveloffset=+2] include::users/proc-creating-user.adoc[leveloffset=+2]
@ -13,15 +13,15 @@ include::users/proc-setting-password-user.adoc[leveloffset=+3]
include::users/proc-creating-otp.adoc[leveloffset=+3] include::users/proc-creating-otp.adoc[leveloffset=+3]
include::users/con-required-actions.adoc[leveloffset=+2] include::users/con-required-actions.adoc[leveloffset=+2]
include::proc-setting-required-actions.adoc[leveloffset=+3] include::users/proc-setting-required-actions.adoc[leveloffset=+3]
include::proc-setting-default-required-actions.adoc[leveloffset=+3] include::users/proc-setting-default-required-actions.adoc[leveloffset=+3]
include::proc-enabling-terms-conditions.adoc[leveloffset=+3] include::users/proc-enabling-terms-conditions.adoc[leveloffset=+3]
include::users/con-user-impersonation.adoc[leveloffset=+2] include::users/con-user-impersonation.adoc[leveloffset=+2]
include::users/con-user-registration.adoc[leveloffset=+2] include::users/con-user-registration.adoc[leveloffset=+2]
include::proc-enabling-user-registration.adoc[leveloffset=3] include::users/proc-enabling-user-registration.adoc[leveloffset=3]
include::proc-registering-new-user.adoc[leveloffset=3] include::users/proc-registering-new-user.adoc[leveloffset=3]
include::users/proc-enabling-recaptcha.adoc[leveloffset=+2] include::users/proc-enabling-recaptcha.adoc[leveloffset=+2]
include::users/ref-personal-data-collected.adoc[leveloffset=+2] include::users/ref-personal-data-collected.adoc[leveloffset=+2]

View file

@ -5,9 +5,7 @@
[id="con-required-actions_{context}"] [id="con-required-actions_{context}"]
= Required Actions = Required Actions
You can set the actions that a user must perform at the first login. These actions are required after the user provides credentials. After the first login, these actions are no longer required. You can set the actions that a user must perform at the first login. These actions are required after the user provides credentials. After the first login, these actions are no longer required. You add required actions on the *Details* tab of that user.
You can add required actions for each user in the *Details* tab of the admin console.
The following are examples of required action types: The following are examples of required action types:

View file

@ -12,7 +12,7 @@ Any user with the `impersonation` role in the realm can impersonate a user.
image:{project_images}/user-details.png[] image:{project_images}/user-details.png[]
* If the administrator and the user are in the same realm, then the administrator will be logged out and automatically logged in as the user being impersonated. * If the administrator and the user are in the same realm, then the administrator will be logged out and automatically logged in as the user being impersonated.
* If the administrator and user are not in the same realm, the administrator will remain logged in, and additionally will be logged in as the user in that user's realm. * If the administrator and user are in different realms, the administrator will remain logged in, and additionally will be logged in as the user in that user's realm.
In both instances, the *User Account Management* page of the impersonated user is displayed. In both instances, the *User Account Management* page of the impersonated user is displayed.

View file

@ -6,16 +6,17 @@
= Creating an OTP = Creating an OTP
[role="_abstract"] [role="_abstract"]
If OTP is conditional in your realm, the user must navigate to the *User Account Management* page to reconfigure a new OTP generator. If OTP is required, then the user must reconfigure a new OTP generator when logging in. You can use the following procedure if the user already has an OTP credential. If OTP is conditional in your realm, the user must navigate to {project_name} Account Console to reconfigure a new OTP generator. If OTP is required, then the user must reconfigure a new OTP generator when logging in.
Alternatively, you can send an email to the user that requests the user reset the OTP generator. Alternatively, you can send an email to the user that requests the user reset the OTP generator. The following procedure also applies if the user already has an OTP credential.
.Prerequisite .Prerequisite
* You are logged in to the appropriate realm. * You are logged in to the appropriate realm.
.Procedure .Procedure
. Click *Users* in the main menu. The user list page is displayed. . Click *Users* in the main menu. The *Users* page is displayed.
. Select a user. . Select a user.
. Click the *Credentials* tab.
. Navigate to the *Reset Actions* list. . Navigate to the *Reset Actions* list.
. Click *Configure OTP*. . Click *Configure OTP*.
. Click *Send Email*. The sent email contains a link that directs the user to the OTP setup page. . Click *Send Email*. The sent email contains a link that directs the user to the *OTP setup page*.

View file

@ -9,7 +9,7 @@ You can delete a user, who no longer needs access to applications. If a user is
.Procedure .Procedure
. Click on *Users* in the menu. The user list page is displayed. . Click *Users* in the menu. The *Users* page is displayed.
. Click *View all users* to find a user to delete. . Click *View all users* to find a user to delete.
+ +
NOTE: Alternatively, you can use the search bar to find a user. NOTE: Alternatively, you can use the search bar to find a user.

View file

@ -12,37 +12,39 @@ Once reCAPTCHA is enabled, you can edit `register.ftl` in your login theme to co
.Procedure .Procedure
. Enter the following URL in a browser: . Enter the following URL in a browser:
+
[source,bash,subs=+attributes]
---- ----
https://developers.google.com/recaptcha/ https://developers.google.com/recaptcha/
---- ----
. Create an API key to get your reCAPTCHA site key and secret. Note the reCAPTCHA site key and secret for future use in this procedure. . Create an API key to get your reCAPTCHA site key and secret. Note the reCAPTCHA site key and secret for future use in this procedure.
+ +
NOTE: The localhost works by default. You do not have to specify a domain. NOTE: The localhost works by default. You do not have to specify a domain.
+ +
. Navigate to the {project_name} admin console. . Navigate to the {project_name} admin console.
. Click *Authentication* in the main menu. . Click *Authentication* in the menu.
. Click the *Flows* tab. . Click the *Flows* tab.
. Select *Registration* from the drop down menu. . Select *Registration* from the drop down menu.
. Set the *reCAPTCHA* requirement to *Required*. This enables . Set the *reCAPTCHA* requirement to *Required*. This enables
reCAPTCHA. reCAPTCHA.
. Click *Actions* to the right of the reCAPTCHA flow entry. . Click *Actions* to the right of the reCAPTCHA flow entry.
. Click the *Config* link. The config page is displayed. . Click the *Config* link.
+ +
.Recaptcha Config Page .Recaptcha Config Page
image:{project_images}/recaptcha-config.png[] image:{project_images}/recaptcha-config.png[]
.. Enter the reCAPTCHA site key generated from the Google reCAPTCHA website on the config page. .. Enter the *Recaptcha Site Key* generated from the Google reCAPTCHA website.
.. Enter the secret generated from the Google reCAPTCHA website. .. Enter the *Recaptcha Secret* generated from the Google reCAPTCHA website.
.. Authorize Google to use the registration page as an iframe. . Authorize Google to use the registration page as an iframe.
+ +
NOTE: In {project_name}, websites cannot include a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}. NOTE: In {project_name}, websites cannot include a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}.
+ +
.. Click *Realm Settings* in the main menu. .. Click *Realm Settings* in the menu.
.. Click the *Security Defenses* tab. .. Click the *Security Defenses* tab.
.. Enter `https://www.google.com` in the field for the *X-Frame-Options* header. .. Enter `https://www.google.com` in the field for the *X-Frame-Options* header.
.. Enter `https://www.google.com` in the field for the *Content-Security-Policy* header. .. Enter `https://www.google.com` in the field for the *Content-Security-Policy* header.
[role="_additional-resources"] [role="_additional-resources"]
.Additional resources .Additional resources
* For more information on extending and creating themes, see the link:{developerguide_link}[{developerguide_name}]. * For more information on extending and creating themes, see the link:{developerguide_link}[{developerguide_name}].

View file

@ -8,6 +8,7 @@
You can enable a required action that new users must accept the terms and conditions before logging in to {project_name} for the first time. You can enable a required action that new users must accept the terms and conditions before logging in to {project_name} for the first time.
.Procedure .Procedure
. Click *Authentication* in the menu.
. Click the *Required Actions* tab. . Click the *Required Actions* tab.
. Enable the *Terms and Conditions* action. . Enable the *Terms and Conditions* action.
. Edit the `terms.ftl` file in the base login theme. . Edit the `terms.ftl` file in the base login theme.

View file

@ -6,10 +6,12 @@
= Enabling user registration = Enabling user registration
[role="_abstract"] [role="_abstract"]
Enable users to self-register. After you enable this setting, a *Register* link is displayed on the login page of the admin console. Enable users to self-register.
.Procedure .Procedure
. Click *Realm Settings* in the main menu. . Click *Realm Settings* in the main menu.
. Click the *Login* tab. . Click the *Login* tab.
. Toggle *User Registration* to *ON*. . Toggle *User Registration* to *ON*.
. Click *Save*. . Click *Save*.
After you enable this setting, a *Register* link displays on the login page of the Admin Console.

View file

@ -6,7 +6,7 @@
= Registering as a new user = Registering as a new user
[role="_abstract"] [role="_abstract"]
As a new user, you must complete a registration form to log in for the first time. You must add profile information and a password to register. As a new user, you must complete a registration form to log in for the first time. You add profile information and a password to register.
.Registration Form .Registration Form
image:{project_images}/registration-form.png[] image:{project_images}/registration-form.png[]

View file

@ -11,8 +11,8 @@ Search for a user to view detailed information about the user, such as the user'
* You are in the realm where the user exists. * You are in the realm where the user exists.
.Procedure .Procedure
. Click *Users* in the main menu. This opens the user list page. . Click *Users* in the main menu. This *Users* page is displayed.
. Type the full name, last name, first name, or email address of the user you want to search for in the search box. The search returns all users that match your criteria. . Type the full name, last name, first name, or email address of the user you want to search for in the search box. The search returns all users who match your criteria.
. Alternatively, you can click *View all users* to list every user in the system. . Alternatively, you can click *View all users* to list every user in the system.
+ +
NOTE: This action searches only the local {project_name} database and not the federated database, such as LDAP. The backends for federated databases do not have a pagination mechanism that enables searching for users. NOTE: This action searches only the local {project_name} database and not the federated database, such as LDAP. The backends for federated databases do not have a pagination mechanism that enables searching for users.

View file

@ -3,20 +3,12 @@
// con-required-actions.adoc // con-required-actions.adoc
[id="proc-setting-default-required-actions_{context}"] [id="proc-setting-default-required-actions_{context}"]
= Setting default required actions = Setting required actions for all users
You can specify what actions are required before the first login of any new user. The default required actions can be modified after a user is created. You can specify what actions are required before the first login of all new users. The requirements apply to a user created by the *Add User* button on the *Users* page or the *Register* link on the login page.
You can set default required actions in two ways. You
can use the user registration link or the *Required Actions* tab.
.Procedure .Procedure
.Using the user registration link
. Click the *User Registration* link on the login page.
. Specify the default required actions.
.Using the Required Actions tab
. Click *Authentication* in the menu. . Click *Authentication* in the menu.
. Click the *Required Actions* tab. . Click the *Required Actions* tab.
. Click the checkbox in the *Default Action* column for one or more required actions. When a new user logs in for the first time, the selected actions must be executed. . Click the checkbox in the *Default Action* column for one or more required actions. When a new user logs in for the first time, the selected actions must be executed.

View file

@ -11,15 +11,16 @@ If a user does not have a password, or if the password has been deleted, the *Se
If a user already has a password, it can be reset in the *Reset Password* section. If a user already has a password, it can be reset in the *Reset Password* section.
.Procedure .Procedure
. Click *Users* in the menu. The user list page is displayed. . Click *Users* in the menu. The *Users* page is displayed.
. Select a user. . Select a user.
. Type a new password, in the *Set Password* section. . Click the *Credentials* tab.
. Type a new password in the *Set Password* section.
. Click *Set Password*. . Click *Set Password*.
+ +
NOTE: If *Temporary* is set to *ON*, the user must change the password at the first login. To allow users to keep the password supplied, set *Temporary* to *OFF.* The user must click *Set Password* to change the password. NOTE: If *Temporary* is set to *ON*, the user must change the password at the first login. To allow users to keep the password supplied, set *Temporary* to *OFF.* The user must click *Set Password* to change the password.
+ +
. Alternatively, you can send an email to the user that requests the user reset the password. . Alternatively, you can send an email to the user that requests the user reset the password.
.. Navigate to the *Reset Actions* list. .. Navigate to the *Reset Actions* list under *Credential Reset*.
.. Click *Update Password* from the list. .. Select *Update Password* from the list.
.. Click *Send Email*. The sent email contains a link that directs the user to the *Update Password* window. .. Click *Send Email*. The sent email contains a link that directs the user to the *Update Password* window.
.. Optionally, you can set the validity of the email link. This is set to the default preset in the *Tokens* tab, in the realm settings. .. Optionally, you can set the validity of the email link. This is set to the default preset in the *Tokens* tab in *Realm Settings*.

View file

@ -3,7 +3,7 @@
// con-required-actions.adoc // con-required-actions.adoc
[id="proc-setting-required-actions_{context}"] [id="proc-setting-required-actions_{context}"]
= Setting required actions = Setting required actions for one user
You can set the actions that are required for any user. You can set the actions that are required for any user.