150 lines
4.7 KiB
Text
150 lines
4.7 KiB
Text
[[_account-service]]
|
|
|
|
== Account Console
|
|
|
|
{project_name} users can manage their accounts through the Account Console. Users can manage their profiles, add two-factor authentication, include identity provider acounts, and manage device activity.
|
|
|
|
[role="_additional-resources"]
|
|
.Additional resources
|
|
|
|
* The Account Console is completely themeable and internationalizable as is the case with all {project_name} user interfaces. For example, you can add attributes to the *Personal Info* page. For more details, see the link:{developerguide_link}[{developerguide_name}].
|
|
|
|
=== Accessing the Account Console
|
|
|
|
Any user can access the Account Console.
|
|
|
|
.Procedure
|
|
|
|
. Make note of the realm name and IP address for the {project_name} server where your account exists.
|
|
|
|
. In a web browser, enter a URL in this format: `<server-root>{kc_realms_path}/{realm-name}/account`.
|
|
|
|
. Enter your login name and password.
|
|
|
|
.Account Console
|
|
image:images/account-console-intro.png[Account Console]
|
|
|
|
=== Configuring ways to sign in
|
|
|
|
You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures.
|
|
|
|
==== Two-factor authentication with OTP
|
|
|
|
.Prerequisites
|
|
|
|
* OTP is a valid authentication mechanism for your realm.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account Security* in the menu.
|
|
|
|
. Click *Signing In*.
|
|
|
|
. Click *Set Up Authenticator Application*.
|
|
+
|
|
.Signing In
|
|
image:images/account-console-signing-in.png[Signing In]
|
|
|
|
. Follow the directions that appear on the screen to use either
|
|
https://freeotp.github.io/[FreeOTP] or https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2[Google Authenticator] on your mobile device as your OTP generator.
|
|
|
|
. Scan the QR code in the screen shot into the OTP generator on your mobile device.
|
|
|
|
. Log out and log in again.
|
|
|
|
. Respond to the prompt by entering an OTP that is provided on your mobile device.
|
|
|
|
==== Two-factor authentication with WebAuthn
|
|
|
|
.Prerequisites
|
|
|
|
* WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the <<_webauthn,WebAuthn section>> for more details.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account Security* in the menu.
|
|
|
|
. Click *Signing In*.
|
|
|
|
. Click *Set up Security Key*.
|
|
+
|
|
.Signing In
|
|
image:images/account-console-signing-in-webauthn-2factor.png[Signing In With Security Key]
|
|
|
|
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
|
|
|
|
. Click *Register* to register your security key.
|
|
|
|
. Log out and log in again.
|
|
|
|
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor.
|
|
|
|
==== Passwordless authentication with WebAuthn
|
|
|
|
.Prerequisites
|
|
|
|
* WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account Security* in the menu.
|
|
|
|
. Click *Signing In*.
|
|
|
|
. Click *Set up Security Key* in the *Passwordless* section.
|
|
+
|
|
.Signing In
|
|
image:images/account-console-signing-in-webauthn-passwordless.png[Signing In With Security Key]
|
|
|
|
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
|
|
|
|
. Click *Register* to register your security key.
|
|
|
|
. Log out and log in again.
|
|
|
|
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor. You no longer need to provide your password to log in.
|
|
|
|
=== Viewing device activity
|
|
|
|
You can view the devices that are logged in to your account.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account Security* in the menu.
|
|
. Click *Device Activity*.
|
|
. Log out a device if it looks suspicious.
|
|
|
|
.Devices
|
|
image:images/account-console-device.png[Devices]
|
|
|
|
=== Adding an identity provider acccount
|
|
|
|
You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts.
|
|
|
|
.Procedure
|
|
|
|
. Log into the Admin Console.
|
|
|
|
. Click *Identity Providers* in the menu.
|
|
|
|
. Click *Add provider*.
|
|
|
|
. Select a provider and complete the fields.
|
|
|
|
. Return to the Account Console.
|
|
|
|
. Click *Account Security* in the menu.
|
|
|
|
. Click *Linked Accounts*.
|
|
|
|
The identity provider you added appears in this page.
|
|
|
|
.Linked Accounts
|
|
image:images/account-console-linked.png[Linked Accounts]
|
|
|
|
=== Accessing other applications
|
|
|
|
The *Applications* menu item shows users which applications you can access. In this case, only the Account Console is available.
|
|
|
|
.Applications
|
|
image:images/account-console-applications.png[Applications]
|