Self service portal
- Introduction to Self Service Portal
- My tasks
- My issues
- My applications
- My requests
- Process Search
- My accounts
- My OTP devices
- My certificates and FIDO tokens
- My Profile
Introduction to Self Service Portal
What is Self-Service Portal?
Soffid Console provides the Self-Service Portal, where the end-users can consult or change their credentials, request new permissions or access to applications, manage their profile, or launch applications. All from a single point of entry.
Another purpose of the Self-Service Portal is to reduce the workload of the IT department, as well as improve the overall security of the IT system.
Soffid allows administrator users to configure access to the different options depending on the end-users roles defined to use Soffid. In this way, end-users will be able to access the Self-Service Portal to manage their own requirements always depending on the defined business processes.
Screen overview
Brief description of each option
My tasks
My tasks display all the tasks in which the user is involved, like a supervisor, manager, o person how has to approve or deny that task.
My request
My requests display all the processes or workflows that the user will be able to run, and the option allows the user to consult the status of the requests.
The Query request status displays all the processes that the user has initiated and allows the user to consult all the information about the workflow.
Process Search
That functionality allows to users search for processes initiated or requested by themselves. Here the users will be able to consult all the information related to the processes and their status and if there are any pending tasks to be completed. If there are pending tasks, the user will be able to browse the task and manage it.
Administrator users will be able to consult all the information about all the processes which have been executed by any user.
My Applications
My applications display all the corporate applications and third-party applications as well to which the user has permission to connect. Those applications have to be configured into Soffid Console
The password vault folder will be displayed as well. In this folder, the users will be able to find the shared accounts on the Soffid vault folder and will be able to save their personal accounts.
My Accounts
My Accounts display all the personal user accounts registered into Soffid Console and with which the user will log into the target system.
My authentication
My OTP devices
My OTP devices display all the OTP devices configured by the user and allow to the user config new ones.
My certificates and FIDO tokens
My certificates and FIDO token display all the configured certificates and allow to the user config new ones.
Visit My certificates and FIDO tokens page
My Profile
My Profile allows to end-users config their own profile, update the user info and preferences, change the password, and recovery questions.
My tasks
Description
Displays the task in which the user is involved like a supervisor, manager, o person how has to approve or deny that tasks.
My task provides information about the process, the task, the start and due date and the asigned user. By clicking a record, it will be shown de task details and to perform actions will be allowed.
Manual tasks are assigned to named users, groups or roles. Whatever strategy is followed, each one of the assigned users will see that task at their tasks page.
You can differentiate tasks by their highlighted style:
- Normal: started task
- Highlighted Blue: due task
- Highlighted Bold: new task
The purpose of My tasks as a part of Self Service Portal is to reduce the workload of IT department, as well as improve overall security of IT system. Soffid console is concerned about task delegation and workflow management.
Screen overview
Custom attributes
My Task List
- Process ID: unique process identifier in the system.
- Process: generic process name.
- Task: generic task name.
- Start Date: date and time when the process was started.
- Due Date: date and time when the process will finish.
- Assigned: user to whom the task is assigned
Task detail
Task
Shows information about the job done in this task. This information depends on the process launched.
Action Logs
The action logs tab shows basic information about the process and a list with the summary of all the successive phases through which the task has passed.
- Start date: date and time the task starts
- Last task date: date of last task update.
- End date: date and time the process ends.
- Status: shows the point of the task (pending, on going or End/Completed)
- Approve pending permissions: Summary of all the successive phases through which the task has passed, providing information on the start date and time of the phase, the user assigned, and the action that was done.
Attachments
Displays the documents attached to the task, in some cases, files are attached to the tasks.
Allows you to download those documents and to verify any digital signature attached to them. Some tasks even allow the user to upload documents.
Comments
Displays the comments list added during the business process execution. Displays the comments list added during the task execution providing information about the user who wrote the comment, the date and time of that writing, and the comment that was writed.
Actions
My task query actions
Reload |
This action reload the task list with the current data. |
Download CSV File |
This action allows you to download a csv file with the list of all tasks. You can open the hamburger icon and Download CSV File. |
Open task |
By clicking on a record, the task detail will be shown. |
My task detail actions
Close |
Allows you to closes the task window, you can add new comments and those will be saved. |
Take ownership |
Enables the user to self-assign the task to authorize or deny it. |
Schedule |
Allows you to schedule the task execution. |
Delegate |
Allows you to to reassign the task to another user, who will must approve or deny it. |
Approve |
Allows you to authorize the task. When you authorize a task all defined operations for this task will be performed. |
Reject |
Allows you to deny the task. When you deny a task none defined operations for this task will be performed. |
My issues
Description
Soffid provides a tool to manage all issues and allows you to perform the operations available for each type of task. The actions to be performed will depend on each kind of task.
Screen overview
Standard attributes
- Issue type: issue list defined by Soffid.
- Description: a brief description of the issue.
- Status: possible task status. There are three available statuses:
- New
- Acknowledged
- Solved
- Created on: date of creation
Actions
Issues query action
Download CSV file | Allows you to download a CSV file with the issue data. |
Add or remove columns |
Allows you to show and hide columns in the table. You can also set the order in which the columns will be displayed. The selected columns and order will be saved for the next time Soffid displays the page. |
Issue detail
Close | Allows you to quit without applying any changes. |
Acknowledge |
Allows you to check as Acknowledged |
Solve issue |
Allows you to mark as solved the issue. |
Send custom email | Allows you to send a custom email to one recipient. |
Add Comments | Allows you to add comments to the Action logs. |
account-created
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
disconnected-system
discovered-host
discovered-system
💻 Image
duplicated-user
Mege users |
If you click this option, Soffid will allow you to merge the identities by selecting the data of each of them. |
failed-job
enabled-account-on-disabled-user
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
global-failed-login
integration-errors
locked-account
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
Lock affected host |
If you click this option, Soffid will lock the affected host. |
Unlock host |
If you click this option, Soffid will unlock the host. |
login-different-country
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
Lock affected host |
If you click this option, Soffid will lock the affected host. |
Unlock host |
If you click this option, Soffid will unlock the host. |
login-from-new-device
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
Lock affected host |
If you click this option, Soffid will lock the affected host. |
Unlock host |
If you click this option, Soffid will unlock the host. |
login-not-recognized
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
Lock affected host |
If you click this option, Soffid will lock the affected host. |
Unlock host |
If you click this option, Soffid will unlock the host. |
otp-failures
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
Lock affected host |
If you click this option, Soffid will lock the affected host. |
Unlock host |
If you click this option, Soffid will unlock the host. |
pam-violation
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
Lock affected host |
If you click this option, Soffid will lock the affected host. |
Unlock host |
If you click this option, Soffid will unlock the host. |
password-changed
💻 Image
permissions-granted
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
risk-increase
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
robot-login
Unlock account | If you click this option, Soffil will unlock the account. |
Look affected accounts |
If you click this option, Soffil will lock affected accounts. |
Disable user |
If you click this option, Soffid will disable the user. |
Lock affected host |
If you click this option, Soffid will lock the affected host. |
Unlock host |
If you click this option, Soffid will unlock the host. |
security-exception
Disable user |
If you click this option, Soffid will disable the user. |
My applications
Description
My application is a part of a Soffid Self-service portal that allows end-users to start corporate applications and third party applications. Also, the end-user can view and use the shared accounts available for the user defined on the Password vault.
Applications
That option shows to each user, all the Corporate and Third party Applications to which the user can connect and the applications with public access. These applications have to be configured on the Application Access Tree option by an administrator user.
For more information you can visit the Application access tree page.
Password Vault
My Applications option shows the PasswordVault folder. On the vault folder you can find two kind of folders, one a personal folder and other a shared folder.
Inside the personal folder, you can create your own accounts, those accounts will not be shared with any other user. The shared folders could be used or managed by the owner/manager/SSO users.
For more information you can visit the Password vault page.
Screen overview
My requests
Description
Soffid provides a complete workflow engine that allows you to incorporate business processes or define new business processes as needed. End-users with the appropriate permissions will be able to request these processes. You can visit Self service portal examples page for more information.
My request screen allows to users: on the one hand, consult the processes they have executed and view the process details and status, Query request status; on the other hand, they will be able to execute the processes for which they have been assigned the proper permissions.
More information about process and workflows on BPM Editor Book
Screen overview
Query request status
Description
Displays a table with all the processes performed by the end-user. The end-user can consult processes detail and perform actions depending on the user permissions. You can visit Self service portal examples page for more information.
Custom attributes
- Process ID: unique process identifier in the system.
- Process Name: generic process name
- Status: displays the point in progress on the defined process diagram. Depend on the process status, you could perform some operations or others.
- Start date: date and time the process starts
- End date: date and time the process ends. A process without end date it is a process in progress
To view all the attributes of one process, you can access Process attributes to consult the custom attributes. Be in mind, the processes have custom attributes depending on the business process definition.
Actions
The operations to be performed depend on the user permission and the business processes defined with the workflow engine.
You can find documentation about the business processes on BPM Editor Book.
Query request status actions
Reload |
Allows you to reload the processes list with updated data. |
Download CSV file |
Allows you to download a CSV file with all the information of the processes list. |
Query Filters |
Allows you to filter data in each column of the table. |
Process actions
The actions to perform to each process, depend on the business process definition and the user permissions.
You can find more information about the most commons process actions if you go to Process detail actions
Process Search
Description
A process is a series of actions, connected by transitions. An action could be either an automatic action or a manual task.
Soffid console is concerned about task delegation and workflow management. Any user is able to create new processes or any user can be assigned as an actor for a task belonging to a process.
Process Search page allows users to search process by different criteria, to view the process details and to perform the proper actions depending on the user roles.
In order to view a task, a security constraint must be accomplished. The user must have granted the observer or administrator role on the specific project version or has been assigned as a potential actor of it at some time.
Screen overview
Custom attributes
Search attributes
The search can be performed by setting certain parameters, which are as follows:
- Search text: search by a certain text, as user name or application, etc.
- Process ID: all the processes have an assigned an identifier ID.
- Start date: allows you to establish a date range when the process was started.
- Include completed: by default, tasks that have not yet been completed are displayed. By marking this flag, those who have concluded will also be shown. If you marck this flag, you could select a date range about the End date of the process.
Process attributes
Each process has commons attributes and specific attributes depending on the business process definition.
You can find documentation about the business processes on BPM Editor Book
Commons process attributes
- Proces Id: each proces has an unique identifier.
- Name: shows process name and the versión of the addon you are using.
Other process information
- Specific process attributes: these attributes depend on the process definition.
- Work in progress: details the specific point in which the process and associated tasks are. You can find information about the process ID, the job description for each one of them, the start date and time, and the current status. The users with the proper roles could view the task details, browse and perform actions by clicking on it.
- Actions log: summary of all the successive phases through which the process has passed, providing information on the start date and time of the phase, the user (task manager) assigned, and the action that was done.Also when it is defined, the diagram of the workflow is diplayed.
- Attachments: in some cases, for example in massive user upload processes using a CSV file, files are attached to the process so that it can be executed. These files can be consulted, by downloading or opening them directly, from this page. Additionally, if needed, it is possible to see the certificates used by the process owner.
- Comments: displays the comments added by the user who initializes or performs actions on the process.
Actions
Process query actions
Actions to be performed on the process list:
Search |
Allows you to query the processes with the indicated parameters. |
Download CSV file |
Allows you to download a CSV file with the list of processes. You can open the hamburger icon and Download CSV File. |
Table Filters |
Allows you to filter data in each column of the table. |
Process detail actions
Each process has a specific action defined on the business process definition.
You can find documentation about the business processes on BPM Editor Book
The most commons actions are below:
Close |
Allows you to close the process detail page and return to the previous page. |
Reload |
Allows you to reload all process data with the updated data. |
Take ownership |
Allows you to take the ownership to approve o deny the process. |
Approve |
Allows you to approve the process and perform the actions defined for that process. |
Deny |
Allows you to reject the process. |
Work in progress actions
Edit task |
Allows you to edit a task by clicking on the record. When you click the task, you will browse to the task detail and it will be allowed to perform actions defined to users with the proper permissions. |
Attachments
Download |
Allows you to download the available attached files. |
My accounts
Description
My Account is a part of Soffid's self-service portal that allows end-users to access and manage their personal accounts. That option displays to each user, all their personal accounts and allows to set and query the password of each account.
Screen overview
Standard user attributes
- System: target sistem for which this account has been created
- System description: a brief description of the system.
- Name: user account name.
- Actions: available actions.
Actions
Set password |
Allows you to set a new password for this account. That change will apply to different target systems. The new password must comply with the password policies definied. |
Query password |
Allows you to query and copy the password and the user name. |
Download CSV file |
Allows you to download a CSV file with all the information about your accounts. |
My OTP devices
Description
My OTP devices are part of a Soffid Self-service portal that allows end-users to access their OTP devices configured.
That option display to each user, all their OTP devices and also allows you to manage those and add new OTP devices.
This option will only be available if the OTP addon is installed in the Soffid console. Visit the Two factor authentication book for more information
Screen overview
Standard attributes
- Name: automatic name assigned to the OTP device
- Created: created date and time.
- Last use: last used date and time.
- Status
- Created
- Enabled
- Locked
- Disabled
Actions
Add |
Allows you to add a new OTP device. To add new OTP devices you need to click the add button (+), then Soffid will display a new wizard to config the OTP devices. First of all, you need to select the OTP device Type, once the type is selected, you need to fill in the required fields, which depend on the Type selected. If you select an Event-based or Time-based HMAC Token, you will need to scan the QR code and write the PIN. Finally, you must Apply changes. |
Delete |
Allows you to delete one or more OTP devices. To delete OTP devices first select the devices, then click on the subtract button (-), then Soffid will ask you to confirm or cancel the operation. |
My certificates and FIDO tokens
Description
My certificates and FIDO tokens are part of a Soffid Self-service portal that allows end-users to access their OTP devices configured.
That option displays to each user, all their certificates and FIDO tokens and allows also to manage those and add new certificates and FIDO tokens.
Screen overview
Standard attributes
- Type: there are two available options:
- Certificate.
- FIDO token.
- Soffid Authenticator
Actions
Add |
Allows you to add new certificates and FIDO tokens. To add new ones you need to click the add button (+), and then Soffid will display a new wizard to configure the certificates and FIDO tokens. First of all, you need to select the Type, once the type is selected, you need to follow the required steps which depend on the Type selected. |
Delete |
Allows you to delete one or more certificates and FIDO tokens. To delete certificates or FIDO tokens first you must select the certificate or FIDO token, then click on the subtract button (-), then Soffid will ask you to confirm or cancel the operation. |
My Profile
Description
My Profile is a part of a Soffid Self-service portal that allows to end-users config their own profile, update the user info and preferences, change their password, and recover questions.
To display My Profile page you need to click on the config icon and then click My Profile on the options menu. Then Soffid displays a new window that will allow end users to configure their profiles.
Screen overview
Basic tab
Change password
Authorizations tab
Application consents tab
Standard attributes
Basic
User Info
- Last login: date and time of the user's last login.
- Last IP connection: IP of the user's last login.
- Change password: allows end-users to change their password.
- Password recovery questions: allows end-users to config their own questions to recover their passwords.
For more info about password recovery, you can visit the Password recovery questions page.
Preferences
- Language: allows end-users to select their preferred language.
- Time Zone: allows end-users to select their time zone.
- Date format: allows end-users to select the format date.
- Sample: displays how the date will be displayed in Soffid Console
- Time format: allows end-users to select the format time
- Sample: displays how the time will be displayed in Soffid Console
Authorizations
Display a list with the user authorizations.
Application consents
Displays a list of all the user's consents given, and the user can see all of them. Users can remove the consent at any time as well.
When the user connects to a new application, the IdP will indicate which data will be shared with this application. That information is defined in the Attribute sharing policies page of the Federation.
For more info about password recovery, you can visit the Attribute sharing policies page.