25 Mar, 2020

Introducing the WSO2 Identity Server Self-Care Portal

  • Nipuni Paaris
  • Software Engineer - WSO2

Now more than ever, customers demand immediate results from technology, particularly when dealing with a 24 x 7 global workforce. They often expect simple, convenient services. These include checking their user accounts online, anytime, anywhere, using only a desktop, tablet or mobile phone, without making a telephone call or going to a physical location. Waiting for the help desk to address locked-out accounts or password resets ties up valuable staff with menial tasks and makes users unproductive.

The all-new WSO2 Identity Server self-care portal enables you to deliver highly personalized content and empower your customers to remain in charge of their experience and interactions with your company. It is packed with a number of new components through which users can manage their account-related preferences more conveniently. The latest set of features that will be available with the new self-care portal includes:

  • User profile management
  • Link accounts
  • Export user profile
  • Password resets
  • Account recovery
  • Multi-factor authentication
  • Active user sessions monitoring
  • Consent management
  • Pending approvals review

In the following sections, we will give a brief introduction to each of the above-mentioned features and explain how they will provide more centralized management of user account related activities. Additionally, you can also customize the theme of the self-care portal according to your company’s branding elements including logos and colors.

User Profile Management

Managing user profiles has become a vital part of user management in Customer Identity and Access Management (CIAM). However, managing user profile data can be quite a hassle, especially if system administrators alone have to maintain and manage every update made to the user data.

Hence, the WSO2 self-care portal allows users to govern their own profile details and empowers them to become more involved with profile-related engagements through an improved user experience.

Figure 1: User profile view

Link Accounts

You can use WSO2 Identity Server to link multiple accounts and switch between accounts after linking them. WSO2 Identity Server also allows you to connect your social media accounts with your WSO2 Identity Server account. Therefore, users will be able to maintain all their accounts in a centralized location, which will spare them the burden of remembering all the passwords and logging in to those accounts as many times as required.

Figure 2: Add local user account

Figure 3: Linked accounts view

Export User Profile

Use the export user profile feature in the self-care portal to download a JSON file including your personal information, consent, and other claims. This way, users know what data is stored in WSO2 Identity Server.

Note: The consent receipts in the userInfo.json file contain the PII (Personally Identifiable Information) controller information as it is at the time of receipt generation. If the PII controller has changed after receipt generation, this change will not be reflected in the existing receipts. To get an updated consent receipt that reflects the change, generate a new consent receipt by doing one of the following:

  1. Revoke the consent via the self-care portal and go through the flow that prompts the relevant consent again (e.g. revoke the given consent for an application in WSO2 Identity Server, log out, then log back in, and approve consent again. A new consent receipt will be generated for that application consent).
  2. Use Consent Management REST APIs to revoke the existing consent and add new consent.
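
A check that can be run over an exported profile to find the receipts this note describes, as an added example (not WSO2 code). The `consent_receipts`, `consentReceiptID` and `piiControllers` key names and the sample data are assumptions constructed for illustration; adjust them to the layout of your actual userInfo.json.

```python
import json

# Constructed sample standing in for an exported userInfo.json.
# Key names are assumptions for illustration, not the documented schema.
SAMPLE_EXPORT = json.loads("""
{
  "consent_receipts": [
    {"consentReceiptID": "receipt-001", "consentTimestamp": 1577836800,
     "piiControllers": [{"piiController": "Example Corp",
                         "email": "privacy@example.com"}]},
    {"consentReceiptID": "receipt-002", "consentTimestamp": 1583020800,
     "piiControllers": [{"piiController": "Example Holdings",
                         "email": "dpo@example.com"}]},
    {"consentReceiptID": "receipt-003", "consentTimestamp": 1583107200}
  ]
}
""")

# The controller details as they are today (constructed values).
CURRENT_CONTROLLER = {"piiController": "Example Holdings",
                      "email": "dpo@example.com"}


def stale_receipts(export, current):
    """Return {receipt_id: [fields that differ]} for receipts whose stored
    controller snapshot no longer matches the current controller details."""
    stale = {}
    for receipt in export.get("consent_receipts", []):
        rid = receipt.get("consentReceiptID", "<missing id>")
        controllers = receipt.get("piiControllers") or []
        if not controllers:
            # No controller snapshot at all: flag for regeneration.
            stale[rid] = ["piiControllers"]
            continue
        # Compare every stored controller with the current one and keep
        # the closest match; an empty diff means the receipt is current.
        diffs = [sorted(k for k, v in current.items() if c.get(k) != v)
                 for c in controllers]
        closest = min(diffs, key=len)
        if closest:
            stale[rid] = closest
    return stale


if __name__ == "__main__":
    for rid, fields in stale_receipts(SAMPLE_EXPORT, CURRENT_CONTROLLER).items():
        print(f"{rid}: regenerate consent (differs in {', '.join(fields)})")
```

Receipts reported here are the ones to regenerate using either of the two options above.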

Figure 4: Export profile view

Password Resets

We usually advise users to reset their passwords regularly as a security measure, because passwords are often at risk of being compromised. Maintaining a secure password can be quite challenging for many reasons, such as falling victim to identity theft, sharing passwords, using the same password for multiple accounts, and, most of all, users forgetting their passwords. In such instances, users expect quick and easy solutions from their identity providers. You can use the self-care portal to reset account passwords without being locked out of your accounts for hours.

Figure 5: Change password view

Account Recovery

The account recovery feature implemented in WSO2 Identity Server helps to recover the user account if the user has forgotten the username or password. This recovery process is also secured with captcha verification.

The main part of account recovery is setting up security or challenge questions for user accounts. With WSO2 Identity Server, you can set up challenge questions in different languages. The self-care portal allows users to add and update their challenge questions and update the email address that they can use to recover their accounts when required. This provides users with a highly secured alternative way to log into their accounts.

Figure 6: Account recovery section

Multi-factor Authentication

Multi-factor authentication (MFA) creates a layered defense and makes it more difficult for an unauthorized person to access a target such as a physical location, computing device, web service, network, or database. If one factor is compromised or broken, the attacker has at least one more barrier to breach before successfully breaking into the target. WSO2 Identity Server enables you to configure multi-step authentication where you can define an authentication chain containing different authenticators in different steps.

Using the latest self-care portal, users can update their mobile numbers through which they can authenticate themselves using the one-time verification code. They can also add biometric factors like FIDO devices and fingerprint sensors.

When connecting biometric devices as second authentication factors, our self-care portal is compatible with both FIDO U2F and modern FIDO2 devices that support passwordless authentication. Learn more about our passwordless authentication feature here.

Figure 7: Multi-factor authentication view

Active User Sessions Monitoring

The active user sessions section in the self-care portal enables users to view details of the sessions of different applications that are accessed via WSO2 Identity Server. When you click the show more button next to a specific session, it displays a detailed view of the session, including the operating system, IP address, applications list, login time, and last accessed time.

Depending on the user's preference, the self-care portal allows users to terminate sessions either all at once or one by one. By clicking the terminate all button at the top right corner, you can terminate all the active sessions with a single click. If you wish to terminate a specific session, click the terminate session button in the detailed view section.

Figure 8: Active sessions view

Consent Management

WSO2 Identity Server provides a comprehensive consent management solution that can be used to manage consent related to Identity and Access Management (IAM) and also to manage consent that belongs to third party applications. You can use the self-care portal to revoke or edit your consent given to applications registered in WSO2 Identity Server.

Figure 9: Manage consents view

Pending Approvals Review

WSO2 Identity Server enables you to have more control over the tasks that are executed in it by using workflows. This is particularly useful in a scenario where you are approving user accounts. Workflows provide you with the flexibility to configure this approval process in a way that suits your scenario.

The self-care portal allows you to review workflow operations such as adding users, updating user claims, deleting users, and user approvals and denials. For user convenience, we have categorized the pending approvals into three states: ready, reserved, and completed. For example, suppose that you need to approve all user creation in WSO2 Identity Server. Whenever a user is created in the system, that task will appear under the ready section, waiting for your approval. Whenever you review a task and claim it, that task will be listed under the reserved section of approvals. Once you approve or deny the task, it will appear under the completed section.

Figure 10: Pending approval view

Figure 11: Reserved tasks view

Now that you have a fundamental understanding of what our new user self-care portal can offer you, download the latest version of WSO2 Identity Server and try it out for yourself. We’d love to hear your thoughts and suggestions so that we can enhance it further to match your requirements.

