Keycloak
[[_account-service]]

== Account Console

{project_name} users can manage their accounts through the Account Console. They can configure their profiles, add two-factor authentication, include identity provider accounts, and oversee device activity.

[role="_additional-resources"]
.Additional resources

* The Account Console can be configured in terms of appearance and language preferences. An example is adding additional attributes to the *Personal info* page. For more information, see the {developerguide_link}[{developerguide_name}].

=== Accessing the Account Console

.Procedure

. Make note of the realm name and IP address for the {project_name} server where your account exists.
. In a web browser, enter a URL in this format: _server-root_{kc_realms_path}/{realm-name}/account.
. Enter your login name and password.

.Account Console
image:images/account-console-intro.png[Account Console]

=== Configuring ways to sign in

You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures.

==== Two-factor authentication with OTP

.Prerequisites

* OTP is a valid authentication mechanism for your realm.

.Procedure

. Click *Account security* in the menu.
. Click *Signing in*.
. Click *Set up Authenticator application*.
+
.Signing in
image:images/account-console-signing-in.png[Signing in]

. Follow the directions that appear on the screen to use your mobile device as your OTP generator.
. Scan the QR code in the screenshot into the OTP generator on your mobile device.
. Log out and log in again.
. Respond to the prompt by entering an OTP that is provided on your mobile device.

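
What the QR code in this procedure carries and how the code entered at the prompt is derived, as an added Python example that is not part of the original documentation or the project's code. It assumes the QR code encodes a standard `otpauth://` URI; the sample URI is constructed from the RFC 6238 test secret and the function names are illustrative. Because the URI holds the shared secret, anyone who captures the QR code can compute the same codes, so treat it like a password.

```python
import base64
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample URI (RFC 6238 test secret, base32-encoded); not a real enrollment.
SAMPLE_URI = (
    "otpauth://totp/demo-realm:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    "&issuer=demo-realm&algorithm=SHA1&digits=6&period=30"
)


def parse_otpauth(uri):
    """Extract the parameters an authenticator app reads from the QR code."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = query["secret"].upper()
    secret += "=" * (-len(secret) % 8)  # URIs usually omit base32 padding
    return {
        "label": unquote(parts.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "algorithm": query.get("algorithm", "SHA1").lower(),
        "digits": int(query.get("digits", 6)),
        "period": int(query.get("period", 30)),
    }


def totp(params, at=None):
    """RFC 6238: HOTP (RFC 4226) keyed on the count of periods since the epoch."""
    at = time.time() if at is None else at
    counter = struct.pack(">Q", int(at) // params["period"])
    mac = hmac.new(params["key"], counter, params["algorithm"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** params["digits"]).zfill(params["digits"])


def verify(params, submitted, at=None, window=1):
    """Server-side style check: accept +/- `window` periods of clock drift."""
    at = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(params, at + step * params["period"]), submitted)
        for step in range(-window, window + 1)
    )
```
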
==== Two-factor authentication with WebAuthn

.Prerequisites

* WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the xref:webauthn_{context}[WebAuthn] section for more details.

.Procedure

. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up a Passkey*.
+
.Signing In
image:images/account-console-signing-in-webauthn-2factor.png[Signing in with a Passkey]

. Prepare your Passkey. How you prepare this key depends on the type of Passkey you use. For example, for a USB-based YubiKey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your Passkey.
. Log out and log in again.
. Assuming the authentication flow was correctly set, a message appears asking you to authenticate with your Passkey as a second factor.

==== Passwordless authentication with WebAuthn

.Prerequisites

* WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details.

.Procedure

. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up a Passkey* in the *Passwordless* section.
+
.Signing In
image:images/account-console-signing-in-webauthn-passwordless.png[Signing in with a Passkey]

. Prepare your Passkey. How you prepare this key depends on the type of Passkey you use. For example, for a USB-based YubiKey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your Passkey.
. Log out and log in again.
. Assuming the authentication flow was correctly set, a message appears asking you to authenticate with your Passkey as a second factor. You no longer need to provide your password to log in.

=== Viewing device activity

You can view the devices that are logged in to your account.

.Procedure

. Click *Account security* in the menu.
. Click *Device activity*.
. Log out a device if it looks suspicious.

.Devices
image:images/account-console-device.png[Devices]

=== Adding an identity provider account

You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts.

.Procedure

. Log in to the Admin Console.
. Click *Identity providers* in the menu.
. Select a provider and complete the fields.
. Return to the Account Console.
. Click *Account security* in the menu.
. Click *Linked accounts*.

The identity provider you added appears on this page.

.Linked Accounts
image:images/account-console-linked.png[Linked Accounts]

=== Accessing other applications

The *Applications* menu item shows which applications you can access. In this case, only the Account Console is available.

.Applications

image:images/account-console-applications.png[Applications]

=== Viewing group memberships

You can view the groups you are associated with by clicking the *Groups* menu.
If you select the *Direct membership* checkbox, you see only the groups you are directly associated with.

.Prerequisites

* You need the *view-groups* account role to be able to view the *Groups* menu.

.View group memberships
image:images/account-console-groups.png[View group memberships]