161 lines
5.2 KiB
Text
161 lines
5.2 KiB
Text
[[_account-service]]
|
|
|
|
== Account Console
|
|
|
|
{project_name} users can manage their accounts through the Account Console. Users can configure their profiles, add two-factor authentication, include identity provider accounts, and oversee device activity.
|
|
|
|
[role="_additional-resources"]
|
|
.Additional resources
|
|
|
|
* The Account Console can be configured in terms of appearance and language preferences. An example is adding attributes to the *Personal info* page by clicking *Personal info* link and completing and saving details. For more information, see {developerguide_link}[{developerguide_name}].
|
|
|
|
=== Accessing the Account Console
|
|
|
|
Any user can access the Account Console.
|
|
|
|
.Procedure
|
|
|
|
. Make note of the realm name and IP address for the {project_name} server where your account exists.
|
|
|
|
. In a web browser, enter a URL in this format: _server-root_{kc_realms_path}/{realm-name}/account.
|
|
|
|
. Enter your login name and password.
|
|
|
|
.Account Console
|
|
image:images/account-console-intro.png[Account Console]
|
|
|
|
=== Configuring ways to sign in
|
|
|
|
You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures.
|
|
|
|
==== Two-factor authentication with OTP
|
|
|
|
.Prerequisites
|
|
|
|
* OTP is a valid authentication mechanism for your realm.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account security* in the menu.
|
|
|
|
. Click *Signing in*.
|
|
|
|
. Click *Set up authenticator application*.
|
|
+
|
|
.Signing in
|
|
image:images/account-console-signing-in.png[Signing in]
|
|
|
|
. Follow the directions that appear on the screen to use either
|
|
https://freeotp.github.io/[FreeOTP] or https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2[Google Authenticator] on your mobile device as your OTP generator.
|
|
|
|
. Scan the QR code in the screen shot into the OTP generator on your mobile device.
|
|
|
|
. Log out and log in again.
|
|
|
|
. Respond to the prompt by entering an OTP that is provided on your mobile device.
|
|
|
|
==== Two-factor authentication with WebAuthn
|
|
|
|
.Prerequisites
|
|
|
|
* WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the xref:webauthn_{context}[WebAuthn] section for more details.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account Security* in the menu.
|
|
|
|
. Click *Signing In*.
|
|
|
|
. Click *Set up Security Key*.
|
|
+
|
|
.Signing In
|
|
image:images/account-console-signing-in-webauthn-2factor.png[Signing In With Security Key]
|
|
|
|
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
|
|
|
|
. Click *Register* to register your security key.
|
|
|
|
. Log out and log in again.
|
|
|
|
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor.
|
|
|
|
==== Passwordless authentication with WebAuthn
|
|
|
|
.Prerequisites
|
|
|
|
* WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account Security* in the menu.
|
|
|
|
. Click *Signing In*.
|
|
|
|
. Click *Set up Security Key* in the *Passwordless* section.
|
|
+
|
|
.Signing In
|
|
image:images/account-console-signing-in-webauthn-passwordless.png[Signing In With Security Key]
|
|
|
|
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
|
|
|
|
. Click *Register* to register your security key.
|
|
|
|
. Log out and log in again.
|
|
|
|
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor. You no longer need to provide your password to log in.
|
|
|
|
=== Viewing device activity
|
|
|
|
You can view the devices that are logged in to your account.
|
|
|
|
.Procedure
|
|
|
|
. Click *Account security* in the menu.
|
|
. Click *Device activity*.
|
|
. Log out a device if it looks suspicious.
|
|
|
|
.Devices
|
|
image:images/account-console-device.png[Devices]
|
|
|
|
=== Adding an identity provider account
|
|
|
|
You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts.
|
|
|
|
.Procedure
|
|
|
|
. Log into the Admin Console.
|
|
|
|
. Click *Identity providers* in the menu.
|
|
|
|
. Select a provider and complete the fields.
|
|
|
|
. Return to the Account Console.
|
|
|
|
. Click *Account security* in the menu.
|
|
|
|
. Click *Linked accounts*.
|
|
|
|
The identity provider you added appears in this page.
|
|
|
|
.Linked Accounts
|
|
image:images/account-console-linked.png[Linked Accounts]
|
|
|
|
=== Accessing other applications
|
|
|
|
The *Applications* menu item shows users which applications you can access. In this case, only the Account Console is available.
|
|
|
|
.Applications
|
|
|
|
image:images/account-console-applications.png[Applications]
|
|
|
|
=== Viewing group memberships
|
|
|
|
You can view the groups you are associated with by clicking the *Groups* menu.
|
|
If you select *Direct membership* checkbox, you will see only the groups you are direct associated with.
|
|
|
|
.Prerequisites
|
|
|
|
* You need to have the *view-groups* account role for being able to view *Groups* menu.
|
|
|
|
.View group memberships
|
|
image:images/groups_account_console.png[View group memberships]
|