Admin UI Authentication

Authentication abstraction is only supported for self-service authentication and is not supported by the administration user interface.  All administrators will be required to authenticate natively to the “Identity System”.  Depending on your selected LDAP Directory at installation, a different attribute is used for the administrative username. 

The table outlines which attribute is used for each type of LDAP.

During the installation of the product, you were also asked to provide a schema administrator, which contains administrative privileges to manage Fischer’s database schema.  If your “Identity System” is ever unavailable, you can use your Fischer schema database administrator to authenticate to the administrative user interface.  This should be considered to be an internal set of credentials and only used in fire call situations where accessing the administrative user interface is not possible due to “Identity System” unavailability.  Note that the database account does not have the full permissions and will see limited functionality.  This fire call account is useful if the Identity System goes down primarily for troubleshooting purposes.  The database admin account abilities are defined below.

The database account will have 3 visible tabs:

Within the context of the “Systems” tab, the database account will be able to perform the following tasks:

1. Add new Connected Systems
2. Modify existing Connected Systems
3. Delete existing Connected Systems

The functionality available from the “Server” tab includes:

1. Viewing the high availability configuration and status
2. Viewing the logs

The functionality available from the “Configuration” tab includes:

1. Viewing / Editing the Global Configuration Options (for the master org)
2. Viewing / Modifying the User Authentication Configuration which can help IGA Administrators to modify the authentication stores to help users gain access if the Identity System will be down for a while.