The goal of this chapter is to introduce the basic concepts of the Administration Portal.
The contents below correspond to the menu items, in order, as they appear on the left-hand side of the IDHub Administration Portal.
|Users||Overview of users (or principals) that are known and stored in the IDHub repository. A user can request access to an application (Service Provider) and is authenticated by an Identity Provider.|
|Identity Providers||An Identity Provider performs the authentication of users.|
|Service Providers||A Service Provider requests the authentication of users. An Authentication Scheme (see Authentication) must be created before you can start configuring a new Service Provider.|
|Workflows||Opens the TBA application in a new tab. The TBA application is used to build and deploy workflows.|
|User Attributes||User-related information that can be requested by a Service Provider, and/or provided by an Identity Provider.
Access to Service Providers can be refined by defining rules that restrict access depending on certain attribute values (e.g. Age must be higher than 18 years).|
|Authentication||This part configures the Authentication
Every Authentication is required by one Service Provider and provided by at least one Identity Provider. Multi-factor authentication is also supported.
Authentication Methods: Defines the context of the authentication (e.g. User/Password) and which Identity Provider(s) provide this
Authentication Schemes: Defines which Authentication Methods are accepted by a Service Provider, and in which order of security.|
|Certificates||Import and overview of all certificates available in IDHub.|
|Scopes||Groups user attributes by purpose. A scope determines which User Attributes are required by a Service Provider. While authenticating, the end-user will have to give consent to the Service Provider to access these attributes.
Scopes are specific to OpenID Connect authentication protocols.|
|Templates||Templates contain the elements to build the feedback into visual/textual interfaces towards the end-user. For example error/confirmation messages or e-mails.|
|Settings||Various other settings:
- General server settings & Kerberos configuration
- Mobile Authentication issuers
- Template/location settings: whether to redirect a user to a different URL or to use a template.
- Digipass settings|
|Branding||Branding restyles the log-in screen and Self-service application for the end-user.|