Idenprotect User Portal - First authentication and navigation

From iDENprotect Knowledge Base

If you have not yet installed your application, please see Start Here - idenprotect User Portal. Please note that use of the idenprotect User Portal also requires our other applications. If they are not yet installed, please see Start Here - idenprotect Core Platform or Start Here - idenprotect Authentication Portal.

Introduction

The idenprotect User Portal has two main areas of responsibility. Firstly, it can proxy requests from the outside world to the idenprotect Core Platform (see User Portal Configuration). Secondly, it is the web interface through which users complete self-service actions.

Supported web browsers

The following web browsers are supported:

  • Internet Explorer / Microsoft Edge (version 10 onwards)
  • Google Chrome (version 61 onwards)
  • Mozilla Firefox (version 55 onwards)


Quick Start Wizard

If you have installed version 3.11.0 or above, you will have access to a Quick Start Wizard. The Quick Start Wizard will assist you with the initial setup: you will be able to enroll a device with a test user account, complete authentication with the idenprotect Authentication Portal and arrive logged in to the idenprotect User Portal. We strongly recommend following this process if you have access to it, as it will give you a feel for the overall usage and how things work. For more information, please see the Idenprotect Core Platform Quick Start Guide.

The rest of this article will focus on the user experience of enrolling a device and authenticating.


Enrollment

The idenprotect User Portal now supports Easy Enrollment where a user will receive feedback once a QR code has been scanned and once enrollment has completed. This is our recommended and most user-friendly configuration. To enable this, some changes may be required.

Configuration

To set up Easy Enrollment, you should first have set up your Email Client. If this has not been done, please see Email SMTP Configuration. Additional changes are also required on the idenprotect Core Platform. Navigate to the following to make the required changes:

Config -> Email -> Email Content Configuration

Once you have arrived here, you should amend the 'User Enrollment QR Code Base' property. This will change the URL in the enrollment email sent to users. Easy enrollment can be enabled by changing the URL to https://{userPortalHost}/user/onboarding?id=. {userPortalHost} will be replaced automatically based on your configuration or you can remove this and manually put in the destination if you wish.

The email template is now configured to send emails with the Easy Enrollment URL. Please note that it is possible to run both Easy Enrollment and the Public Onboarding page at the same time, dependent on your administrative configuration and company policies.

Enrolling a device

Enrolling a device with the idenprotect User Portal and Easy Enrollment enabled is a very straightforward process.

  • Send an enrollment email to the user. The user should then click on the link it contains and arrive on a page that looks like this:

Screenshot 2019-09-09 at 10.39.22.png

  • Scan the QR Code on the page and the page will automatically update during the enrollment process:

Onboarding enrolling.png

  • Once enrollment is complete, the page will update once more:

Onboarding complete.png


Authentication and Navigation

If you have followed the Quick Start Wizard, everything should be set up to enable you to log in straight away with an enrolled device. If you need to make any changes, please see User Portal SAML Configuration.

Accessing the login screen

By default, the User Portal is configured upon installation to be accessible as a Service Provider by logging in with the idenprotect Authentication Portal. Just like the idenprotect Core Platform, the idenprotect User Portal only accepts HTTPS connections secured by SSL/TLS, as specified in the server.xml Tomcat configuration file. You can edit the configuration file to align with your organisation’s security policy. We recommend restricting connections to TLS 1.2 for security reasons.
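To check that an edited server.xml actually restricts connections to TLS 1.2, the following added example (not part of the idenprotect documentation or product) audits each TLS-enabled Connector. It assumes the standard Tomcat attributes `sslEnabledProtocols` (on the Connector) and `protocols` (on a nested `SSLHostConfig`); the sample file is constructed for illustration and is not the shipped configuration.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"TLSv1.2"}  # the protocol the page recommends restricting to

# Constructed sample for illustration; not the product's shipped server.xml.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig protocols="TLSv1.2"/>
    </Connector>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def split_protocols(value):
    """Split a Tomcat protocol list written with ',' or '+' separators.

    Tokens such as 'all' or '-TLSv1' are kept as-is, so they are reported
    as non-compliant and get a manual look (deliberately conservative).
    """
    return {p.strip() for p in value.replace("+", ",").split(",") if p.strip()}


def audit_server_xml(xml_text):
    """Return {port: [findings]} for every Connector with SSLEnabled="true"."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to audit here
        values = [conn.get("sslEnabledProtocols")]
        values += [h.get("protocols") for h in conn.iter("SSLHostConfig")]
        values = [v for v in values if v and v.strip()]
        if not values:
            # No explicit list: the Tomcat/JVM defaults decide what is offered.
            issues = ["no protocol list set; Tomcat/JVM defaults apply"]
        else:
            tokens = set().union(*(split_protocols(v) for v in values))
            issues = sorted("allows " + t for t in tokens - ALLOWED)
        findings[conn.get("port")] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_server_xml(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not issues else "; ".join(issues))
```

An empty findings list for a port means only TLS 1.2 is listed for that connector; restart Tomcat after editing the file so the change takes effect.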

Under the assumption that this is a single server installation and you are accessing the Management Console via a URL in the format of https://iden.{mydomain}.com, you can access the idenprotect User Portal by going to https://iden.{mydomain}.com/user.

You will be automatically redirected to the idenprotect Authentication Portal where you should enter your email address and complete the authentication via your enrolled mobile device.

Navigation

Once logged in, you should arrive on a page that looks like this:

User Portal.png

From this page it is possible to:

  • View and manage all of your own enrolled devices
  • Reset your Windows Active Directory Password (where an Active Directory configuration has been established and password reset is allowed)
  • Send yourself a new activation email to enroll a new device

Additional functionality is currently in development, and this page will be updated as new functionality is added.