libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/server_admin/topics/account.adoc
agagancarczyk 0692102ff0
Updated account console chapter #1494 (#1546) 
* updated account text

* updated account.adoc

* cleaned up the .adoc

* resized images

Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2022-06-01 14:17:59 -04:00

149 lines
4.8 KiB
Text
Raw Blame History

[[_account-service]]
== Account Console
{project_name} users can manage their accounts through the Account Console. Users can configure their profiles, add two-factor authentication, include identity provider accounts, and oversee device activity.
[role="_additional-resources"]
.Additional resources
* The Account Console can be configured in terms of appearance and language preferences. An example is adding attributes to the *Personal info* page by clicking *Personal info* link and completing and saving details. For more information, see reference:{developerguide_link}[{developerguide_name}].
=== Accessing the Account Console
Any user can access the Account Console.
.Procedure
. Make note of the realm name and IP address for the {project_name} server where your account exists.
. In a web browser, enter a URL in this format: `<server-root>{kc_realms_path}/{realm-name}/account`.
. Enter your login name and password.
.Account Console
image:{project_images}/account-console-intro.png[Account Console]
=== Configuring ways to sign in
You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures.
==== Two-factor authentication with OTP
.Prerequisites
* OTP is a valid authentication mechanism for your realm.
.Procedure
. Click *Account security* in the menu.
. Click *Signing in*.
. Click *Set up authenticator application*.
+
.Signing in
image:{project_images}/account-console-signing-in.png[Signing in]
. Follow the directions that appear on the screen to use either
https://freeotp.github.io/[FreeOTP] or https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2[Google Authenticator] on your mobile device as your OTP generator.
. Scan the QR code in the screen shot into the OTP generator on your mobile device.
. Log out and log in again.
. Respond to the prompt by entering an OTP that is provided on your mobile device.
==== Two-factor authentication with WebAuthn
.Prerequisites
* WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the xref:webauthn_{context}[WebAuthn] section for more details.
.Procedure
. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up Security Key*.
+
.Signing In
image:{project_images}/account-console-signing-in-webauthn-2factor.png[Signing In With Security Key]
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your security key.
. Log out and log in again.
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor.
==== Passwordless authentication with WebAuthn
.Prerequisites
* WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details.
.Procedure
. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up Security Key* in the *Passwordless* section.
+
.Signing In
image:{project_images}/account-console-signing-in-webauthn-passwordless.png[Signing In With Security Key]
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your security key.
. Log out and log in again.
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor. You no longer need to provide your password to log in.
=== Viewing device activity
You can view the devices that are logged in to your account.
.Procedure
. Click *Account security* in the menu.
. Click *Device activity*.
. Log out a device if it looks suspicious.
.Devices
image:{project_images}/account-console-device.png[Devices]
=== Adding an identity provider account
You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts.
.Procedure
. Log into the Admin Console.
. Click *Identity providers* in the menu.
. Select a provider and complete the fields.
. Return to the Account Console.
. Click *Account security* in the menu.
. Click *Linked accounts*.
The identity provider you added appears in this page.
.Linked Accounts
image:{project_images}/account-console-linked.png[Linked Accounts]
=== Accessing other applications
The *Applications* menu item shows users which applications you can access. In this case, only the Account Console is available.
.Applications
image:{project_images}/account-console-applications.png[Applications]
Reference in a new issue View git blame Copy permalink