The DualShield Self-Service Console allows users to create and register their own tokens.
The console is designed to run as a server application on its own, however, the DualShield installation program always installs a copy of the Self-Service Console as a service in the platform in the same place where DualShield authentication server and management console are installed.
After installation of the self-service console you will need the following steps to be performed prior to the users being able to access the self-service console;
Self-Service Logon Procedure
The self service console will require a logon procedure to be created that will define what authentication methods will be required when the users log on to the portal .
Navigate to "Authenticatrion | Logon Procedures", then use the "Create" button to create an appropriately named logon procedure of type "Web SSO" (see example below);
Save the new logon procedure, then use the context menu of the newly created logon procedure to create logon steps.
Use the "Create" and "Add" buttons to create logon steps for the newly created logon procedure.
In this example we will just add one step that uses a static password to authenticate the user.
Click the "Add" button to add methods to our first step
Scroll down the list of authentication methods and select the method (or methods) that are to be used in this step then click "Save";
Once all the required authentication methods for this step have been added click on "Save" and the step will be updated.
Additional steps can be created if required by clicking on "Create", and repeat the process above.
When all the logon steps have been created the logon procedure will look something like the following example;
During installation of the authentication server an application and a realm called "Self-Service Console" were created, but the application is currently not assigned to a logon procedure.
Navigate to "Authentication | Applications", then at the context menu of the application "Self-Service Console" select "Logon Procedure";
A new window titled "Logon Procedure" will now open, select the newly created logon procedure then click "Save";
During installation the agent "Service Console was created and assigned to the application "Service Console", but no publishing details have yet been added, so this information must now be entered.
Adding Domains to the Realm
By default the realm "Self Service Console" is created without member domains and will need domains added.
To add the required domains navigate to "Authentication | Realms", left click on the realm "Self Service Console", then select "Domains";
You will then be presented with a list of domains that are know to the server. Select the domains that the users who will have access to the self-service console are members then click "Save".
Publishing the Agent
The Agent for the service console will need to be published to an appropriate URL that the users will use to access the self-service console.
Navigate to "Authentication | Agents", edit the agent "Service Console", then at the prompt "Agent Public URL" you will need to supply the publishing address of the self service poirtal;
The URL should formatted similar to the example above, it should use port "8076" and should be terminated with a "/dsc" suffix (you will need to add this suffix after a clean installation).
The settings of the self-service console portal can be customised by navigating to "Administration | Policies", select the category "Self Service" then edit the settings as follows;
Whilst the default policy settings may be suitable initially, you can now take the opportunity to change these default account permissions to reflect the options you require enabled for your users.
Testing the Self-Service Consoles' Portal
Once the above configuration preparation stages have been completed you are ready to test the portal by logging in as a user.
Open a new browser window and type in the URL that was supplied to the agent "Service Console" (see "Publishing the Agent" above).
You will now be presented with the logon screen for the Self-Service Console;
Test user access by logging in as a user with the users' credentials.
Upon successful logon you will be presented with the self-service console portal;
This screen can now be used for creating and registering user tokens.