diff --git a/server_admin/topics/users/credentials.adoc b/server_admin/topics/users/credentials.adoc index a99b86c27a..53491ac27f 100644 --- a/server_admin/topics/users/credentials.adoc +++ b/server_admin/topics/users/credentials.adoc @@ -1,7 +1,7 @@ -[[_user-credentials]] +[id="ref-user-credentials_{context}"] = User Credentials -When viewing a user if you go to the `Credentials` tab you can manage a user's credentials. +You can manage credentials of a user in the *Credentials* tab. .Credential Management image:{project_images}/user-credentials.png[] 
@@ -9,52 +9,24 @@ image:{project_images}/user-credentials.png[] The credentials are listed in a table, which has the following fields: Position:: - The arrow buttons in this column allows you to shift the priority of the credential for the user, with the topmost credential having the highest priority. - This priority determines which credential will be shown first to a user in case of a choice during login. The highest priority of those available to the - user will be the one selected. + The arrow buttons in the *Position* column allow you to shift the priority of the credential for the user. The topmost credential has the highest priority. The priority determines which credential is displayed first after a user logs in. + Type:: - This shows the type of the credential, for example `password` or `otp`. + This shows the type of the credential, for example *password* or *OTP*. + User Label:: - This is an assignable label to recognise the credential when presented as a selection option during login. It can be set to any value to describe the + This is an assignable label to recognize the credential when presented as a selection option during login. It can be set to any value to describe the credential. + Data:: - This shows the non-confidential technical information about the credential. It is originally hidden, but you can press `Show data...` to reveal it for a + This is the non-confidential technical information about the credential. It is hidden, by default. You can click *Show data...* to display the data for a credential. + Actions:: - This column has two buttons. `Save` records the value of the User Label, while `Delete` will remove the credential. + This column has two actions. Click *Save* to record the value or the user field. Click *Delete* to remove the credential. -== Creating a Password for the User -If a user doesn't have a password, or if the password has been deleted, the `Set Password` section will be shown on the page. 
+You cannot configure other types of credentials for a specific user in the admin console; this is the responsibility of the user. -.Credential Management - Set Password -image:images/user-credentials-set-password.png[] +You can delete the credentials of a user in the event a user loses an OTP device or if credentials have been compromised. You can only delete credentials of a user in the *Credentials* tab. -To create a password for a user, type in a new one. Click on the `Set Password` button after you've typed everything in. -If the `Temporary` switch is on, this new password can only be used once and the user will be asked to change their password after they have -logged in. - -If a user already has a password, it can be reset in the `Reset Password` section. - -Alternatively, if you have <<_email, email>> set up, you can send an email to the user that asks -them to reset their password. Choose `Update Password` from the `Reset Actions` list box and click `Send Email`. You can optionally -set the validity of the e-mail link which defaults to the one preset in `Tokens` tab in the realm settings. -The sent email contains a link that will bring the user to the update password screen. - -Note that a user can only have a single credential of type password. - -== Creating other credentials - -You cannot configure other types of credentials for a specific user within the Admin Console. This is the responsibility of the user. -You can only delete credentials for a user on the `Credentials` tab, for example if the user has lost an OTP device, or if a credential -has been compromised. - -== Creating an OTP - -If OTP is conditional in your realm, the user will have to go to the User Account Management service to re-configure a new OTP generator. If OTP is required, then the user will be asked -to re-configure a new OTP generator when they log in. - -Like passwords, you can alternatively send an email to the user that will ask them to reset their OTP generator. 
Choose -`Configure OTP` in the `Reset Actions` list box and click the `Send Email` button. The sent email -contains a link that will bring the user to the OTP setup screen. You can use this method even if the user already has an OTP credential, -and would like to set up some more. diff --git a/server_admin/topics/users/proc-creating-otp.adoc b/server_admin/topics/users/proc-creating-otp.adoc new file mode 100644 index 0000000000..8fe56b25e3 --- /dev/null +++ b/server_admin/topics/users/proc-creating-otp.adoc @@ -0,0 +1,13 @@ +[id="proc_creating-otp_{context}"] += Creating an OTP + +[role="_abstract"] +If OTP is conditional in your realm, the user must navigate to the *User Account Management* page to reconfigure a new OTP generator. If OTP is required, then the user must reconfigure a new OTP generator when logging in. You can use the following procedure if the user already has an OTP credential. Alternatively, you can send an email to the user that requests the user reset the OTP generator. + +.Prerequisite +* You are logged in to the appropriate realm. + +.Procedure +. Navigate to the *Reset Actions* list. +. Click *Configure OTP*. +. Click *Send Email*. The sent email contains a link that directs the user to the OTP setup page. diff --git a/server_admin/topics/users/proc-setting-password-user.adoc b/server_admin/topics/users/proc-setting-password-user.adoc new file mode 100644 index 0000000000..a840021dd7 --- /dev/null +++ b/server_admin/topics/users/proc-setting-password-user.adoc 
@@ -0,0 +1,18 @@ +[id="proc-setting-password-user_{context}"] += Setting a password for a user + +[role="_abstract"] +If a user does not have a password, or if the password has been deleted, the *Set Password* section is displayed. +If a user already has a password, it can be reset in the *Reset Password* section. + +.Procedure +. Type in a new password, in the *Set Password* section. +. Click *Set Password*. ++ +NOTE: If the *Temporary* radion button is set to *ON*, the password is temporary and the user must change the password after the first login. If a user prefers to create a password that is persistent, the *Temporary* radio button must be set to *OFF* and the user must click *Set Password*. ++ +. Alternatively, you can send an email to the user that requests the user reset the password. +.. Navigate to the *Reset Actions* list. +.. Click *Update Password* from the list. +.. Click *Send Email*. The sent email contains a link that directs the user to the *Update Password* window. +.. Optionally, you can set the validity of the email link. This is set to the default preset in the *Tokens* tab in the realm setiings.
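Review bot: In credentials.adoc, first hunk, the anchor changes from `[[_user-credentials]]` to `[id="ref-user-credentials_{context}"]`, so any existing cross-reference to `_user-credentials` will stop resolving, and the new ID only renders correctly if `{context}` is set by whatever includes this file. Neither is visible in this patch. Please update the affected xrefs in the same change, or confirm there are none.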
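Review bot: In credentials.adoc, second hunk, the new *Position* text says the priority determines which credential is displayed first "after a user logs in", whereas the removed text said it is shown first "in case of a choice during login" and that the highest-priority credential available to the user is the one selected. That changes the documented behaviour instead of rewording it. Suggest "displayed first when a user has a choice of credentials during login" and keeping the sentence about which credential is selected. In the same hunk, *Actions* now reads "record the value or the user field" where the old text had "the value of the User Label", and the removed line "a user can only have a single credential of type password" is not carried into either of the new files.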
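Review bot: In proc-creating-otp.adoc, the abstract offers sending an email as an alternative to "the following procedure", but the procedure itself ends in *Send Email*, so only one method is actually described. In the removed text the email was the alternative to the user reconfiguring the OTP generator themselves, and it stated that this method works even when the user already has an OTP credential and wants to set up more. Suggest restoring that ordering in the abstract. Step 1 also does not say which page or tab holds the *Reset Actions* list.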
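Review bot: In proc-setting-password-user.adoc, the last sub-step places setting the validity of the email link after "Click *Send Email*", so an administrator following the steps in order sends the reset link before choosing how long it stays valid. Move the validity sub-step ahead of *Send Email*. The NOTE also says "the user must click *Set Password*" although this procedure is performed by the administrator setting a password for the user, and it calls *Temporary* a radio button where the removed text called it a switch. The email path is numbered as step 3 of the same procedure even though it begins with "Alternatively", so it reads as a required follow-on step. Typos: "radion" and "setiings".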