Set up IdentifyMe

Introduction

This topic describes how to set up and try out IdentifyMe.

How to apply the license file

You need to have a license file that allows you to use IdentifyMe's features. In this example, the license file covers IdentifyMe and IdentifyMe reset password features.


For each Identify instance, you must acquire a license file from Safewhere.
You then need to drop the license file into the bin folders of your newly created Identify instance.
Assuming that you installed Identify in the default directory C:\Program Files\Safewhere\ , put the license file in:

  • C:\Program Files\Safewhere\Tenants[your_tenant]\admin\bin
  • C:\Program Files\Safewhere\Tenants[your_tenant]\runtime\bin
  • C:\Program Files\Safewhere\Tenants[your_tenant]\selfservice

The license can also be put in the C:\Windows\System32 folder.

Set up IdentifyMe connection

First, create an OIDC connection for the IdentifyMe application.

After that, you can access https://[IDENTIFY_DOMAIN_NAME]/selfservice to use the IdentifyMe application.


Set up IdentifyMe settings

For the sake of security, no IdentifyMe features are enabled by default. You can enable them on the System Settings page.

The User profile page describes the features controlled by the "Users can reset their passwords", "Users can edit their display names", "Users can edit their certificates", and "Users can access their profile pages" settings. Similarly, the Manage authenticators page describes the features controlled by the "Users can reset or register their WebAuthn authenticators" and "Allow users can register or reset their WebAuthn authenticators" settings.

Example setup

In this example, users log in to the IdentifyMe application with a local account and try all of its features. It assumes that you have created the connection for the IdentifyMe application as described above, enabled all features, and deployed a valid license file.


Note: By default, the IdentifyMe application can use the default Username & Password connection for login. This connection should be used for testing purposes only. In practice, it is recommended that you configure an Identity Provider option with a high level of assurance for logging in to IdentifyMe.


Create OTP connections

You can refer to this topic to create the OTP Identity Provider connections used for the T-OTP authenticator and the WebAuthn authenticator. Remember to enable them for use on IdentifyMe.

  • T-OTP authenticators


  • WebAuthn authenticators


IdentifyMe Login

After logging in to the IdentifyMe application, you can click one of the cards on the homepage to use that feature.