Configure My Account Application¶
The My Account application can be configured by modifying the deployment.toml file (stored in the <IS_HOME>/repository/conf directory).
```toml
[myaccount]
app_base_name = "myaccount"
client_id = "MY_ACCOUNT"
login_callback_path = "/login"
logout_callback_path = "/login"
route_paths.home = "/overview"
route_paths.login = "/login"
route_paths.logout = "/logout"
product_version.configs.versionOverride = ""
authenticator_app_configs.enabled = true
ui.announcements = []
ui.app_copyright = "WSO2 Identity Server"
ui.app_title = "My Account | WSO2 Identity Server"
ui.app_name = "My Account"
ui.app_logo_path = "/assets/images/logo.svg"
ui.product_name = "Identity Server"
theme = "default"
applications.enabled = true
applications.disabled_features = []
applications.scopes.create = []
applications.scopes.read = []
applications.scopes.update = []
applications.scopes.delete = []
operations.enabled = true
operations.disabled_features = []
operations.scopes.create = []
operations.scopes.read = ["internal_humantask_view"]
operations.scopes.update = []
operations.scopes.delete = []
overview.enabled = true
overview.disabled_features = []
overview.scopes.create = []
overview.scopes.read = []
overview.scopes.update = []
overview.scopes.delete = []
personal_info.enabled = true
personal_info.disabled_features = ["profileInfo.mobileVerification"]
personal_info.scopes.create = []
personal_info.scopes.read = []
personal_info.scopes.update = []
personal_info.scopes.delete = []
security.enabled = true
security.disabled_features = []
security.scopes.create = []
security.scopes.read = []
security.scopes.update = []
security.scopes.delete = []
session.params.userIdleTimeOut = 600.0
session.params.userIdleWarningTimeOut = 580.0
session.params.sessionRefreshTimeOut = 300.0
session.params.checkSessionInterval = 3.0
```
Note
From WSO2 5.11.0 onwards, the My Account application is read-only by default. To make the callback URLs configurable, add the following configuration to the deployment.toml file.
```toml
[system_applications]
read_only_apps = []
```
Configure basic settings¶
The following basic settings can be configured.
Parameter | Description | Default Value |
---|---|---|
app_base_name | The name of the app as it should appear in the URL. For instance, with the default app_base_name, the app can be accessed via https://localhost:9443/myaccount/ | "myaccount" |
client_id | This is the client ID of the application in WSO2 Identity Server. | MY_ACCOUNT |
login_callback_path | This is the URL to which the user should be redirected after user authentication. | login |
logout_callback_path | This is the URL to which the user should be redirected after the user is logged out. | login |
Customize My Account¶
The My Account application can be customized to be consistent with the branding of the business. The following attributes can be modified to brand the My Account application.
Parameter | Description | Default Value |
---|---|---|
ui.product_name | This is the name of the organization and is displayed in the app header next to the logo. | WSO2 Identity Server |
ui.app_copyright | This is the copyright information that is displayed in the footer of the application. | WSO2 Identity Server |
ui.app_title | This is the HTML title of the application. This is the name that appears in the browser tab. | My Account |
ui.app_name | This is the name of the application and it appears in the header following the name of the organization. | My Account |
ui.app_logo_path | This is the path to the logo that is displayed in the header. The logo of the application can be changed by assigning the path of a custom logo to this attribute. | /assets/images/logo.svg |
Change the theme of the application¶
Custom themes can be applied to the My Account application.
Parameter | Description | Default Value |
---|---|---|
theme | Once a theme is created, the one that the application should use can be specified as the value of this parameter. | default |
Configure session information¶
Session parameters, such as how often the state of the session should be checked and how long a user should be allowed to remain idle, can be configured using the following attributes.
Parameter | Description | Default Value |
---|---|---|
session.params.userIdleTimeOut | This specifies the number of seconds a user is allowed to remain idle after which they will be logged out automatically. | 600 |
session.params.userIdleWarningTimeOut | This specifies how long, in seconds, a user needs to be idle before a warning notification is displayed. | 580 |
session.params.sessionRefreshTimeOut | This specifies how often the session should be refreshed. | 300 |
session.params.checkSessionInterval | This specifies how often the session state should be checked. | 3 |
Disable using authenticator app as an authentication factor¶
WSO2 Identity Server allows multi-factor authentication via SMS, Security Key/Biometrics (FIDO), and authenticator applications.
Attribute | Description | Default Value |
---|---|---|
authenticator_app_configs.enable | The use of the authenticator app can be disabled by setting this parameter to false. | true |
Enable and disable application features¶
My Account has several features, and those features, in turn, have several sub-features. These features can be configured by applying configurations in the following format.
```toml
<feature>.enabled = true
<feature>.disabled_features = []
<feature>.scopes.create = []
<feature>.scopes.read = []
<feature>.scopes.update = []
<feature>.scopes.delete = []
```
- The <feature>.disabled_features parameter is used to disable sub-features belonging to a feature.
- The <feature>.enabled parameter can be used to toggle the feature as a whole. For instance, by setting the <feature>.enabled parameter of the overview feature to false, you can disable the overview feature as a whole.
- The <feature>.scopes parameter is used to specify the scopes that a user must have in order to access the feature. The <feature>.scopes parameter has the following sub-attributes, and each sub-attribute takes an array of scopes.
  ```toml
  <feature>.scopes.create = []
  <feature>.scopes.read = []
  <feature>.scopes.update = []
  <feature>.scopes.delete = []
  ```
  If you want a user to have certain scopes to be able to create an application, specify those scopes in the applications.scopes.create array of the applications feature.
The features¶
These are the five features in My Account.
- Overview
- Personal Info
- Security
- Applications
- Operations
1. Overview¶
The overview feature can be configured as follows:
```toml
[myaccount]
overview.enabled = true
overview.disabled_features = []
overview.scopes.create = []
overview.scopes.read = []
overview.scopes.update = []
overview.scopes.delete = []
```
The overview feature has the following sub-features that can be disabled using the overview.disabled_features parameter:
Sub-feature | Description |
---|---|
overview.accountStatus | The widget that shows the account status in the overview page. |
overview.accountActivity | The widget that shows the account activity in the overview page. |
overview.accountSecurity | The widget that shows the account security information in the overview page. |
overview.consents | The widget that shows the consent information in the overview page. |
2. Personal Info¶
The Personal Info feature can be configured as follows:
```toml
[myaccount]
personal_info.enabled = true
personal_info.disabled_features = ["profileInfo.mobileVerification"]
personal_info.scopes.create = []
personal_info.scopes.read = []
personal_info.scopes.update = []
personal_info.scopes.delete = []
```
The Personal Info feature has the following sub-features that can be disabled using the personal_info.disabled_features parameter:
Sub-feature | Description |
---|---|
profileInfo.linkedAccounts | The Linked Accounts section in the Personal Info page. |
profileInfo.externalLogins | The External Logins section in the Personal Info page. |
profileInfo.exportProfile | The Export Profile section in the Personal Info page. |
3. Security¶
The security feature can be configured as follows:
```toml
[myaccount]
security.enabled = true
security.disabled_features = []
security.scopes.create = []
security.scopes.read = []
security.scopes.update = []
security.scopes.delete = []
```
The Security feature has the following sub-features that can be disabled using the security.disabled_features parameter:
Sub-feature | Description |
---|---|
security.changePassword | The Change Password section of the Security page. |
security.accountRecovery | The Account Recovery section of the Security page. |
security.accountRecovery.challengeQuestions | The Challenge Questions section under the Account Recovery section of the Security page. |
security.accountRecovery.emailRecovery | The Email Recovery section under the Account Recovery section of the Security page. |
security.mfa | The Multi-factor Authentication section of the Security page. |
security.mfa.sms | The SMS feature of the Multi-factor Authentication section of the Security page. |
security.mfa.fido | The Device feature of the Multi-factor Authentication section of the Security page. |
security.mfa.totp | The Authenticator App feature of the Multi-factor Authentication section of the Security page. |
security.activeSessions | The Active IDP Sessions section of the Security page. |
security.manageConsents | The Manage Consents section of the Security page. |
For example, do the following to disable the Active Sessions section.
4. Applications¶
The applications feature can be configured as follows:
```toml
[myaccount]
applications.enabled = true
applications.disabled_features = []
applications.scopes.create = []
applications.scopes.read = []
applications.scopes.update = []
applications.scopes.delete = []
```
The applications feature does not have any sub-features.
5. Operations¶
The operations feature can be configured as follows:
```toml
[myaccount]
operations.enabled = true
operations.disabled_features = []
operations.scopes.create = []
operations.scopes.read = ["internal_humantask_view"]
operations.scopes.update = []
operations.scopes.delete = []
```
The operations feature has no sub-features.