Keycloak

Форк
0
137 строк · 4.8 Кб
1
[[_account-service]]
2

3
== Account Console
4

5
{project_name} users can manage their accounts through the Account Console. They can configure their profiles, add two-factor authentication, include identity provider accounts, and oversee device activity.
6

7
[role="_additional-resources"]
8
.Additional resources
9

10
* The Account Console can be configured in terms of appearance and language preferences. An example is adding additional attributes to the *Personal info* page. For more information, see the {developerguide_link}[{developerguide_name}].
11

12
=== Accessing the Account Console
13

14
.Procedure
15

16
. Make note of the realm name and IP address for the {project_name} server where your account exists.
17
. In a web browser, enter a URL in this format: _server-root_{kc_realms_path}/{realm-name}/account.
18
. Enter your login name and password.
19

20
.Account Console
21
image:images/account-console-intro.png[Account Console]
22

23
=== Configuring ways to sign in
24

25
You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures.
26

27
==== Two-factor authentication with OTP
28

29
.Prerequisites
30

31
* OTP is a valid authentication mechanism for your realm.
32

33
.Procedure
34

35
. Click *Account security* in the menu.
36
. Click *Signing in*.
37
. Click *Set up Authenticator application*.
38
+
39
.Signing in
40
image:images/account-console-signing-in.png[Signing in]
41

42
. Follow the directions that appear on the screen to use your mobile device as your OTP generator.
43
. Scan the QR code in the screen shot into the OTP generator on your mobile device.
44
. Log out and log in again.
45
. Respond to the prompt by entering an OTP that is provided on your mobile device.
46

47
==== Two-factor authentication with WebAuthn
48

49
.Prerequisites
50

51
* WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the xref:webauthn_{context}[WebAuthn] section for more details.
52

53
.Procedure
54

55
. Click *Account Security* in the menu.
56
. Click *Signing In*.
57
. Click *Set up a Passkey*.
58
+
59
.Signing In
60
image:images/account-console-signing-in-webauthn-2factor.png[Signing in with a Passkey]
61

62
. Prepare your Passkey. How you prepare this key depends on the type of Passkey you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
63
. Click *Register* to register your Passkey.
64
. Log out and log in again.
65
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Passkey as second factor.
66

67
==== Passwordless authentication with WebAuthn
68

69
.Prerequisites
70

71
* WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details.
72

73
.Procedure
74

75
. Click *Account Security* in the menu.
76
. Click *Signing In*.
77
. Click *Set up a Passkey* in the *Passwordless* section.
78
+
79
.Signing In
80
image:images/account-console-signing-in-webauthn-passwordless.png[Signing in with a Passkey]
81

82
. Prepare your Passkey. How you prepare this key depends on the type of Passkey you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
83
. Click *Register* to register your Passkey.
84
. Log out and log in again.
85
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Passkey as second factor. You no longer need to provide your password to log in.
86

87
=== Viewing device activity
88

89
You can view the devices that are logged in to your account.
90

91
.Procedure
92

93
. Click *Account security* in the menu.
94
. Click *Device activity*.
95
. Log out a device if it looks suspicious.
96

97
.Devices
98
image:images/account-console-device.png[Devices]
99

100
=== Adding an identity provider account
101

102
You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts.
103

104
.Procedure
105

106
. Log into the Admin Console.
107
. Click *Identity providers* in the menu.
108
. Select a provider and complete the fields.
109
. Return to the Account Console.
110
. Click *Account security* in the menu.
111
. Click *Linked accounts*.
112

113
The identity provider you added appears in this page.
114

115
.Linked Accounts
116
image:images/account-console-linked.png[Linked Accounts]
117

118
=== Accessing other applications
119

120
The *Applications* menu item shows users which applications you can access. In this case, only the Account Console is available.
121

122
.Applications
123

124
image:images/account-console-applications.png[Applications]
125

126
=== Viewing group memberships
127

128
You can view the groups you are associated with by clicking the *Groups* menu.
129
If you select *Direct membership* checkbox, you will see only the groups you are direct associated with.
130

131
.Prerequisites
132

133
* You need to have the *view-groups* account role for being able to view *Groups* menu.
134

135
.View group memberships
136
.View group memberships
137
image:images/account-console-groups.png[View group memberships]
138

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.