Self service portal Introduction to Self Service Portal What is Self-Service Portal? Soffid Console provides the Self-Service Portal, where the end-users can consult or change their credentials, request new permissions or access to applications, manage their profile, or launch applications. All from a single point of entry. Another purpose of the Self-Service Portal is to reduce the workload of the IT department, as well as improve the overall security of the IT system. Soffid allows administrator users to configure access to the different options depending on the end-users roles defined to use Soffid. In this way, end-users will be able to access the Self-Service Portal to manage their own requirements always depending on the defined business processes. Screen overview Brief description of each option My tasks My tasks display all the tasks in which the user is involved, like a supervisor, manager, o person how has to approve or deny that task. Visit My Task page My request My requests display all the processes or workflows that the user will be able to run, and the option allows the user to consult the status of the requests. The Query request status displays all the processes that the user has initiated and allows the user to consult all the information about the workflow. Visit My Request page Process Search That functionality allows to users search for processes initiated or requested by themselves. Here the users will be able to consult all the information related to the processes and their status and if there are any pending tasks to be completed. If there are pending tasks, the user will be able to browse the task and manage it. Administrator users will be able to consult all the information about all the processes which have been executed by any user. Visit the Process search page My Applications My applications display all the corporate applications and third-party applications as well to which the user has permission to connect. Those applications have to be configured into Soffid Console The password vault folder will be displayed as well. In this folder, the users will be able to find the shared accounts on the Soffid vault folder and will be able to save their personal accounts. Visit My Applications page My Accounts My Accounts display all the personal user accounts registered into Soffid Console and with which the user will log into the target system. Visit My Accounts page My authentication My OTP devices My OTP devices display all the OTP devices configured by the user and allow to the user config new ones. Visit My OTP devices page My certificates and FIDO tokens My certificates and FIDO token display all the configured certificates and allow to the user config new ones. Visit  My certificates and FIDO tokens page My Profile My Profile allows to end-users config their own profile, update the user info and preferences, change the password, and recovery questions. Visit My Profile page My tasks Description Displays the task in which the user is involved like a supervisor, manager, o person how has to approve or deny that tasks. My task provides information about the process, the task, the start and due date and the asigned user. By clicking a record, it will be shown de task details and to perform actions will be allowed. Manual tasks are assigned to named users, groups or roles.  Whatever strategy is followed, each one of the assigned users will see that task at their tasks page. You can differentiate tasks by their highlighted style: Normal: started task Highlighted Blue: due task Highlighted Bold: new task The purpose of My tasks as a part of Self Service Portal is to reduce the workload of IT department, as well as improve overall security of IT system. Soffid console is concerned about task delegation and workflow management. Screen overview Custom attributes My Task List Process ID: unique process identifier in the system. Process: generic process name. Task: generic task name. Start Date: date and time when the process was started. Due Date: date and time when the process will finish. Assigned: user to whom the task is assigned Task detail Task Shows information about the job done in this task. This information depends on the process launched. Action Logs The action logs tab shows basic information about the process and a list with the summary of all the successive phases through which the task has passed. Start date: date and time the task starts Last task date: date of last task update. End date: date and time the process ends. Status: shows the point of the task (pending, on going or End/Completed) Approve pending permissions: Summary of all the successive phases through which the task has passed, providing information on the start date and time of the phase, the user assigned, and the action that was done. Attachments Displays the documents attached to the task, in some cases, files are attached to the tasks. Allows you to download those documents and to verify any digital signature attached to them. Some tasks even allow the user to upload documents. Comments Displays the comments list added during the business process execution. Displays the comments list added during the task execution providing information about the user who wrote the comment, the date and time of that writing, and the comment that was writed. Actions My task query actions Reload This action reload the task list with the current data. Download CSV File This action allows you to  download a csv file with the list of all tasks. You can open the hamburger icon and Download CSV File. Open task By clicking on a record, the task detail will be shown. My task detail actions Close Allows you to closes the task window,  you can add new comments and those will be saved. Take ownership Enables the user to self-assign the task to authorize or deny it. Schedule Allows you to schedule the task execution. Delegate Allows you to to reassign the task to another user, who will must approve or deny it. Approve Allows you to authorize the task. When you authorize a task all defined operations for this task will be performed. Reject Allows you to deny the task. When you deny a task none defined operations for this task will be performed. My issues Description Soffid provides a tool to manage all issues and allows you to perform the operations available for each type of task. The actions to be performed will depend on each kind of task. Screen overview Standard attributes Issue type: issue list defined by Soffid. Description: a brief description of the issue. Status:  possible task status. There are three available statuses: New Acknowledged Solved Created on: date of creation Actions Issues query action Download CSV file Allows you to download a CSV file with the issue data. Add or remove columns Allows you to show and hide columns in the table. You can also set the order in which the columns will be displayed. The selected columns and order will be saved for the next time Soffid displays the page.  Issue detail Close Allows you to quit without applying any changes. Acknowledge Allows you to check as Acknowledged Solve issue Allows you to mark as solved the issue. Send custom email Allows you to send a custom email to one recipient. Add Comments Allows you to add comments to the Action logs. account-created 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. disconnected-system 💻 Image discovered-host 💻 Image discovered-system 💻 Image duplicated-user 💻 Image Mege users If you click this option, Soffid will allow you to merge the identities by selecting the data of each of them. 💻 Image failed-job 💻 Image enabled-account-on-disabled-user 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  global-failed-login 💻 Image integration-errors 💻 Image locked-account 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. Lock affected host If you click this option, Soffid will lock the affected host. Unlock host If you click this option, Soffid will unlock the host. login-different-country 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. Lock affected host If you click this option, Soffid will lock the affected host. Unlock host If you click this option, Soffid will unlock the host. login-from-new-device 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. Lock affected host If you click this option, Soffid will lock the affected host. Unlock host If you click this option, Soffid will unlock the host. login-not-recognized 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. Lock affected host If you click this option, Soffid will lock the affected host. Unlock host If you click this option, Soffid will unlock the host. otp-failures 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. Lock affected host If you click this option, Soffid will lock the affected host. Unlock host If you click this option, Soffid will unlock the host. pam-violation 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. Lock affected host If you click this option, Soffid will lock the affected host. Unlock host If you click this option, Soffid will unlock the host. password-changed 💻 Image permissions-granted 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. risk-increase 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. robot-login 💻 Image Unlock account If you click this option, Soffil will unlock the account. Look affected accounts  If you click this option, Soffil will lock affected accounts.  Disable user If you click this option, Soffid will disable the user. Lock affected host If you click this option, Soffid will lock the affected host. Unlock host If you click this option, Soffid will unlock the host. security-exception 💻 Image Disable user If you click this option, Soffid will disable the user. My applications Description My application is a part of a Soffid Self-service portal that allows end-users to start corporate applications and third party applications. Also,  the end-user can view and use the shared accounts available for the user defined on the Password vault. Applications That option shows to each user, all the Corporate and Third party Applications to which the user can connect and the applications with public access. These applications have to be configured on the Application Access Tree option by an administrator user. For more information you can visit the Application access tree page. Password Vault My Applications option shows the PasswordVault folder. On the vault folder you can find two kind of folders, one a personal folder and other a shared folder. Inside the personal folder, you can create your own accounts, those accounts will not be shared with any other user. The shared folders could be used or managed by the owner/manager/SSO users. For more information you can visit the Password vault page. Screen overview My requests Description Soffid provides a complete workflow engine that allows you to incorporate business processes or define new business processes as needed. End-users with the appropriate permissions will be able to request these processes. You can visit Self service portal examples page for more information. My request screen allows to users: on the one hand, consult the processes they have executed and view the process details and status, Query request status; on the other hand, they will be able to execute the processes for which they have been assigned the proper permissions. More information about process and workflows on BPM Editor Book Screen overview Query request status Description Displays a table with all the processes performed by the end-user. The end-user can consult processes detail and perform actions depending on the user permissions. You can visit Self service portal examples page for more information. Custom attributes Process ID: unique process identifier in the system. Process Name: generic process name Status: displays the point in progress on the defined process diagram. Depend on the process status, you could perform some operations or others. Start date: date and time the process starts End date: date and time the process ends. A process without end date it is a process in progress To view all the attributes of one process, you can access Process attributes to consult the custom attributes. Be in mind, the processes have custom attributes depending on the business process definition. Actions The operations to be performed depend on the user permission and the business processes defined with the workflow engine. You can find documentation about the business processes on BPM Editor Book. Query request status actions Reload Allows you to reload the processes list with updated data. Download CSV file Allows you to download a CSV file with all the information of the processes list. Query Filters Allows you to filter data in each column of the table. Process actions The actions to perform to each process, depend on the business process definition and the user permissions. You can find more information about the most commons process actions if you go to Process detail actions Process Search Description A process is a series of actions, connected by transitions. An action could be either an automatic action or a manual task. Soffid console is concerned about task delegation and workflow management. Any user is able to create new processes or any user can be assigned as an actor for a task belonging to a process. Process Search page allows users to search process by different criteria, to view the process details and to perform the proper actions depending on the user roles. In order to view a task, a security constraint must be accomplished. The user must have granted the observer or administrator role on the specific project version or has been assigned as a potential actor of it at some time. Screen overview Custom attributes Search attributes The search can be performed by setting certain parameters, which are as follows: Search text: search by a certain text, as user name or application, etc. Process ID: all the processes have an assigned an identifier ID. Start date: allows you to establish a date range when the process was started. Include completed: by default, tasks that have not yet been completed are displayed. By marking this flag, those who have concluded will also be shown. If you marck this flag, you could select a date range about the End date of the process. Process attributes Each process has commons attributes and specific attributes depending on the business process definition. You can find documentation about the business processes on BPM Editor Book Commons process attributes Proces Id: each proces has an unique identifier. Name: shows process name and the versión of the addon you are using. Other process information Specific process attributes: these attributes depend on the process definition. Work in progress: details the specific point in which the process and associated tasks are. You can find information about the process ID, the job description for each one of them, the start date and time, and the current status. The users with the proper roles could view the task details, browse and perform actions by clicking on it. Actions log: summary of all the successive phases through which the process has passed, providing information on the start date and time of the phase, the user (task manager) assigned, and the action that was done.Also when it is defined,  the diagram of the workflow is diplayed. Attachments:  in some cases, for example in massive user upload processes using a CSV file, files are attached to the process so that it can be executed. These files can be consulted, by downloading or opening them directly, from this page. Additionally, if needed, it is possible to see the certificates used by the process owner. Comments:  displays the comments added by the user who initializes or performs actions on the process. Actions Process query actions Actions to be performed on the process list: Search Allows you to query the processes with the indicated parameters. Download CSV file Allows you to download a CSV file with the list of processes. You can open the hamburger icon and Download CSV File. Table Filters Allows you to filter data in each column of the table. Process detail actions Each process has a specific action defined on the business process definition. You can find documentation about the business processes on BPM Editor Book The most commons actions are below: Close Allows you to close the process detail page and return to the previous page. Reload Allows you to reload all process data with the updated data. Take ownership Allows you to take the ownership to approve o deny the process. Approve Allows you to approve the process and perform the actions defined for that process. Deny Allows you to reject the process. Work in progress actions Edit task Allows you to edit a task by clicking on the record. When you click the task, you will browse to the task detail and it will be allowed to perform actions defined to users with the proper permissions. Attachments Download Allows you to download the available attached files. My accounts Description My Account is a part of Soffid's self-service portal that allows end-users to access and manage their personal accounts. That option displays to each user, all their personal accounts and allows to set and query the password of each account. Screen overview Standard user attributes System: target sistem for which this account has been created System description: a brief description of the system. Name: user account name. Actions: available actions. Actions Set password Allows you to set a new password for this account. That change will apply to different target systems. The new password must comply with the password policies definied. Query password Allows you to query and copy the password and the user name. Download CSV file Allows you to download a CSV file with all the information about your accounts. My OTP devices Description My OTP devices are part of a Soffid Self-service portal that allows end-users to access their OTP devices configured. That option display to each user, all their OTP devices and also allows you to manage those and add new OTP devices. This option will only be available if the OTP addon is installed in the Soffid console. Visit the Two factor authentication book for more information Screen overview Standard attributes Name: automatic name assigned to the OTP device Created: created date and time. Last use: last used date and time. Status Created Enabled Locked Disabled Actions Add Allows you to add a new OTP device. To add new OTP devices you need to click the add button (+), then Soffid will display a new wizard to config the OTP devices. First of all, you need to select the OTP device Type, once the type is selected, you need to fill in the required fields, which depend on the Type selected. If you select an Event-based or Time-based HMAC Token, you will need to scan the QR code and write the PIN. Finally, you must Apply changes. Delete Allows you to delete one or more OTP devices. To delete OTP devices first select the devices, then click on the subtract button (-), then Soffid will ask you to confirm or cancel the operation. My certificates and FIDO tokens Description My certificates and FIDO tokens are part of a Soffid Self-service portal that allows end-users to access their OTP devices configured. That option displays to each user, all their certificates and FIDO tokens and allows also to manage those and add new certificates and FIDO tokens. Screen overview Standard attributes Type: there are two available options: Certificate. FIDO token. Soffid Authenticator Actions Add Allows you to add new certificates and FIDO tokens. To add new ones you need to click the add button (+), and then Soffid will display a new wizard to configure the certificates and FIDO tokens. First of all, you need to select the Type, once the type is selected, you need to follow the required steps which depend on the Type selected. Delete Allows you to delete one or more certificates and FIDO tokens. To delete certificates or FIDO tokens first you must select the certificate or FIDO token, then click on the subtract button (-), then Soffid will ask you to confirm or cancel the operation. My Profile Description My Profile is a part of a Soffid Self-service portal that allows to end-users config their own profile, update the user info and preferences, change their password, and recover questions. To display My Profile page you need to click on the config icon and then click My Profile on the options menu. Then Soffid displays a new window that will allow end users to configure their profiles. Screen overview Basic tab Change password Authorizations tab Application consents tab Standard attributes Basic User Info Last login: date and time of the user's last login. Last IP connection: IP of the user's last login. Change password: allows end-users to change their password. Password recovery questions: allows end-users to config their own questions to recover their passwords. For more info about password recovery, you can visit the Password recovery questions page. Preferences Language: allows end-users to select their preferred language. Time Zone: allows end-users to select their time zone. Date format: allows end-users to select the format date. Sample: displays how the date will be displayed in Soffid Console Time format: allows end-users to select the format time Sample: displays how the time will be displayed in Soffid Console Authorizations Display a list with the user authorizations. Role Authorization [domain value] Scope Domain value Application consents Displays a list of all the user's consents given, and the user can see all of them. Users can remove the consent at any time as well. When the user connects to a new application, the IdP will indicate which data will be shared with this application. That information is defined in the Attribute sharing policies page of the Federation. For more info about password recovery, you can visit the Attribute sharing policies page.