[[_account-service]] == Account Console {project_name} users can manage their accounts through the Account Console. Users can manage their profiles, add two-factor authentication, include identity provider acounts, and manage device activity. [role="_additional-resources"] .Additional resources * The Account Console is completely themeable and internationalizable as is the case with all {project_name} user interfaces. For example, you can add attributes to the *Personal Info* page. For more details, see the link:{developerguide_link}[{developerguide_name}]. === Accessing the Account Console Any user can access the Account Console. .Procedure . Make note of the realm name and IP address for the {project_name} server where your account exists. . In a web browser, enter a URL in this format: `{kc_realms_path}/{realm-name}/account`. . Enter your login name and password. .Account Console image:images/account-console-intro.png[Account Console] === Configuring ways to sign in You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures. ==== Two-factor authentication with OTP .Prerequisites * OTP is a valid authentication mechanism for your realm. .Procedure . Click *Account Security* in the menu. . Click *Signing In*. . Click *Set Up Authenticator Application*. + .Signing In image:images/account-console-signing-in.png[Signing In] . Follow the directions that appear on the screen to use either https://freeotp.github.io/[FreeOTP] or https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2[Google Authenticator] on your mobile device as your OTP generator. . Scan the QR code in the screen shot into the OTP generator on your mobile device. . Log out and log in again. . Respond to the prompt by entering an OTP that is provided on your mobile device. ==== Two-factor authentication with WebAuthn .Prerequisites * WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the <<_webauthn,WebAuthn section>> for more details. .Procedure . Click *Account Security* in the menu. . Click *Signing In*. . Click *Set up Security Key*. + .Signing In image:images/account-console-signing-in-webauthn-2factor.png[Signing In With Security Key] . Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop. . Click *Register* to register your security key. . Log out and log in again. . Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor. ==== Passwordless authentication with WebAuthn .Prerequisites * WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details. .Procedure . Click *Account Security* in the menu. . Click *Signing In*. . Click *Set up Security Key* in the *Passwordless* section. + .Signing In image:images/account-console-signing-in-webauthn-passwordless.png[Signing In With Security Key] . Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop. . Click *Register* to register your security key. . Log out and log in again. . Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor. You no longer need to provide your password to log in. === Viewing device activity You can view the devices that are logged in to your account. .Procedure . Click *Account Security* in the menu. . Click *Device Activity*. . Log out a device if it looks suspicious. .Devices image:images/account-console-device.png[Devices] === Adding an identity provider acccount You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts. .Procedure . Log into the Admin Console. . Click *Identity Providers* in the menu. . Click *Add provider*. . Select a provider and complete the fields. . Return to the Account Console. . Click *Account Security* in the menu. . Click *Linked Accounts*. The identity provider you added appears in this page. .Linked Accounts image:images/account-console-linked.png[Linked Accounts] === Accessing other applications The *Applications* menu item shows users which applications you can access. In this case, only the Account Console is available. .Applications image:images/account-console-applications.png[Applications]