60 lines
3.2 KiB
Text
60 lines
3.2 KiB
Text
|
|
|
|
=== User Credentials
|
|
|
|
When viewing a user if you go to the `Credentials` tab you can manage a user's credentials.
|
|
|
|
.Credential Management
|
|
image:{project_images}/user-credentials.png[]
|
|
|
|
The credentials are listed in a table, which has the following fields:
|
|
|
|
Position::
|
|
The arrow buttons in this column allows you to shift the priority of the credential for the user, with the topmost credential having the highest priority.
|
|
This priority determines which credential will be shown first to a user in case of a choice during login. The highest priority of those available to the
|
|
user will be the one selected.
|
|
Type::
|
|
This shows the type of the credential, for example `password` or `otp`.
|
|
User Label::
|
|
This is an assignable label to recognise the credential when presented as a selection option during login. It can be set to any value to describe the
|
|
credential.
|
|
Data::
|
|
This shows the non-confidential technical information about the credential. It is originally hidden, but you can press `Show data...` to reveal it for a
|
|
credential.
|
|
Actions::
|
|
This column has two buttons. `Save` records the value of the User Label, while `Delete` will remove the credential.
|
|
|
|
==== Creating a Password for the User
|
|
|
|
If a user doesn't have a password, or if the password has been deleted, the `Set Password` section will be shown on the page.
|
|
|
|
.Credential Management - Set Password
|
|
image:images/user-credentials-set-password.png[]
|
|
|
|
To create a password for a user, type in a new one. Click on the `Set Password` button after you've typed everything in.
|
|
If the `Temporary` switch is on, this new password can only be used once and the user will be asked to change their password after they have
|
|
logged in.
|
|
|
|
Alternatively, if you have <<_email, email>> set up, you can send an email to the user that asks
|
|
them to reset their password. Choose `Update Password` from the `Reset Actions` list box and click `Send Email`. You can optionally
|
|
set the validity of the e-mail link which defaults to the one preset in `Tokens` tab in the realm settings.
|
|
The sent email contains a link that will bring the user to the update password screen.
|
|
|
|
Note that a user can only have a single credential of type password.
|
|
|
|
==== Creating other credentials
|
|
|
|
You cannot configure other types of credentials for a specific user within the Admin Console. This is the responsibility of the user.
|
|
You can only delete credentials for a user on the `Credentials` tab, for example if the user has lost his OTP device, or if a credential
|
|
has been compromised.
|
|
|
|
===== Creating an OTP
|
|
|
|
If OTP is conditional in your realm, the user will have to go to the User Account Management service to re-configure a new
|
|
OTP generator. A user can set up any number of OTP credentials in this manner. If OTP is required, then the user will be asked
|
|
to re-configure a new OTP generator when they log in.
|
|
|
|
Like passwords, you can alternatively send an email to the user that will ask them to reset their OTP generator. Choose
|
|
`Configure OTP` in the `Reset Actions` list box and click the `Send Email` button. The sent email
|
|
contains a link that will bring the user to the OTP setup screen. You can use this method even if the user already has an OTP credential,
|
|
and would like to set up some more.
|