Access SecureAuth IdP's IdM Functionalities on Behalf of Another User

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • Applicable Versions:SecureAuth IdP 7.0+

    Description:Client's helpdesk personnel needs to perform functions and access profiles on behalf of the userthrough SecureAuth IdP beyond what the Account Management (Help Desk) page provides.

    Background: While the previously-published realm-chaining article(of which familiarity is required to be able to use this article effectively) works by forwarding the user to another realm once they have successfully completed authentication on the current realm, that configuration only allows that user to access their own profile. The configuration we need to perform is very similar to the steps we have outlined in the aforementioned article, save for a fewconfiguration changes.

    The steps below delineate a workflow where user is going through the standard authentication workflow that comes with SecureAuth IdP.


    First Realm - SecureAuth1:

    In the Workflow tab, set the following:

    Public/Private Mode: Public and Private Mode

    Authentication Mode: Standard (User /2nd Factor / Password)

    Second Realm - SecureAuth2:

    1. In the Workflow tab, set the following:

    Public/Private Mode: Public Mode Only

    Authentication Mode:UserName Only

    2. Navigate to the Custom Front End section of the Workflow tab and make the following:

    Receive Token: Send Token Only

    This configuration essentially:

    • protects SecureAuth2 by redirecting the user to SecureAuth1 if they haven't authenticated properly
    • allows user, once authenticated through SecureAuth1, toaccess another user's profile simply by typing in the user's username in the login page of SecureAuth2.

    Note:Additional protection is recommended to be implemented by enabling group restriction on SecureAuth1 so only members of a certain group (in this case, only members of the Helpdesk group) can perform this function.

    0 out of 0 found this helpful



    Please sign in to leave a comment.