Configuring the Web Help Desk

You can configure the following to enable the Web Help Desk and Self Help Desk operations:

  • Default Initial PIN - The initial PIN value for devices assigned from the Web Help Desk or Self Help Desk.

    This PIN is for display purposes only. The function does not set the PIN code for the device.

  • User search method policy - The user search methods available to the Web Help Desk operator (queries and/or groups)
  • Device Management - Options to enable device (including soft tokens) assignment from the Web Help Desk.
  • Selfdesk portal authentication policy - The logon methods available to the Self Help Desk portal user.
  • Selfdesk portal self binding policy - Options to enable device self assignment from the Self Help Desk portal.
  • Security Questions - The questions the user answers during logon to the Self Help Desk portal.
  1. Start the ActivID AAA SKI Connector service.
  2. To connect to the Web Help Desk either:

    • Open your browser and enter the Web Help Desk server URL: https://<IP address or hostname>:<port number>/4tress-aaa/helpdesk/login

      The <IP address or hostname>:<port number> were configured during installation.

    • Click the Start button, and point to All Programs, ActivID, AAA, and then click Connect to AAA Web Help Desk.

    • Go to the Web Help Desk installation directory (by default, C:\Program Files\ActivIdentity\AAA\WebHelpDesk), and double-click the Connect to AAA Web Help Desk shortcut.

      You can also copy the Web Help Desk and Self Help Desk shortcuts to a more convenient location (for example, the desktop).

      inset_000024.jpg 

  3. Log on to the Web Help Desk with the static or dynamic credentials for an Administration Console Administrator.

    inset_200025.jpg 

  4. Select the Configuration tab.

    The Web Help Desk Configuration page is displayed.

    The following steps address the configuration by function.

    inset_100026.jpg 

  5. Enter the Default Initial PIN code set for devices (except ActivID Mini Tokens) that are to be self-assigned from the Web Self Help Desk.

    This PIN code is set during the initialization process by the manufacturer or service bureau.

    Users change this initial PIN code during self-assignment.

    Note: If the initial PIN code is set in the AAA Server, the AAA Server code supersedes the initial code configured in the Web Help Desk.

  6. Select the User search method policy for the Web Help Desk.

    inset_300029.jpg 

  7. In the Device Management section, set the following:

    inset_4.jpg 

    1. Select Enable device assignment functions to activate the device assignment and unassignment functions of the Web Help Desk.
    2. Select Show initial PIN so that the initial PIN code is displayed during device assignment.
    3. Select Test device authentication to include a test phase in the device assignment process.This ensures the user is assigned the correct device and only a successful test completes the binding process.
    4. Select Allow assign already assigned tokens to assign the same token to more than one user.

    5. If you want users to be able to enroll HID Approve Secure Tokens, confirm that the init string is configured as desired.

      For further information about the init string, see Configure the Web Help Desk Settings for Soft Tokens.

    6. In the Max number of soft tokens per user field, set the maximum number of soft tokens that each user can be assigned.

      inset_500030.jpg 

  8. In the Selfdesk portal authentication policy section, select all the authentication methods:

    • Challenge/Response
    • LDAP password

    • Security questions

      inset_800031.jpg 

      Note: Self Help Desk Operations: To work correctly, you must configure the Generic Operator in the SKI Connector (see Installing the AAA Server for Remote Access). If not, the Self Help Desk user sees a configuration error message when they attempt to log on

  9. In the Selfdesk portal self binding policy section, set the following:

    1. Select Enable initial self binding to activate the device self assignment functions of the Self Help Desk.

    2. Select Enable self binding on additional device to activate the additional device self assignment functions of the Self Help Desk.

      You must make sure that the LDAP attribute mapped to the device serial numbers is capable of storing multiple values.

    3. Select Show initial PIN so that the initial PIN code is displayed during device self assignment.
    4. Select Test device authentication... to include a test phase in the device self assignment process. This ensures the user assigns the correct device and only a successful test completes the binding process.
    5. Select All end users to set a temporary password and specify the time limit for password validation in either minutes, hours or days.

    6. Select Allow end users to request SMS as backup authentication to enable the SMS backup authentication options in the Web Self Help Desk.

      inset_700034.jpg 

  10. In the Security Questions section, set the following, and then click Apply changes.

    1. If you selected Security questions in the Selfdesk portal authentication policy section, enter a question the users answer in the text box above the buttons, and click Add.
    2. Repeat the above step to define additional security questions.

    To modify or delete the question, select the question in the list of Defined Security Questions, modify it as required and click Update or Delete, respectively.

    A message is displayed that the configuration was saved successfully.

    Note:
    Security Questions 
    Changes to the Defined Security Questions may affect the answers already set by Self Help Desk users. If modifying a question, make sure that the original sense remains the same (for example, 'What is your place of birth?' to 'Where were you born?').