Manage WSO2 Identity Server Console access

The WSO2 Identity Server Console is a pivotal point for managing identity and access within your organization. It provides a comprehensive interface for configuring and managing users, groups, roles, and various identity services. To ensure a secure and efficient management process, it is crucial to configure access to the console appropriately. This section outlines the steps to access the console and how to manage access based on user roles.

Accessing the WSO2 Identity Server Console

To access the WSO2 Identity Server Console, you need the required permissions and the URL of the Console. Open the Console in a web browser using the following URL format:

https://<hostname>:<port>/console

For example, if you are using the default host and port, the URL will be https://localhost:9443/console.

Upon navigating to this URL, you will be presented with the login screen of the WSO2 Identity Server. Use your credentials to log in to the Console.

Note

The default credentials for the administrative user are as follows. It is crucial to change these default credentials before deploying the server in any production environment. Using default login information poses a significant security risk and leaves the system vulnerable to unauthorized access. Learn more about changing the super admin password.

Username: admin
Password: admin

Configure Console login

Just like any other application registered in WSO2 Identity Server, you can customize the login flow of the Console using any configured connection.

Note

Learn about the connections supported in WSO2 Identity Server and how to configure them in the Authentication section.

To customize login for the Console,

  1. Sign in to the WSO2 Identity Server Console and click Console Settings.

  2. Go to the Login Flow tab and configure the login flow from your preferred editor:

    • Classic Editor:

      • Click Add Authentication on a step, select a connection from the list and click Add. You can add multiple connections to the same step.

      • Click the + icon on the login flow if you wish to add an additional authentication step and repeat the above.

      • Turn on the Conditional Authentication toggle if you wish to customize authentication using a script.

        Note

        Refer to Add conditional authentication to learn more about conditional authentication scripts.

    • Visual Editor:

      • Switch to the Visual Editor tab.

      • Click Add Sign In Option, select a connection from the list and click Add. You can add multiple authentication methods to the same step. (Alternatively, go to Predefined Flows > Basic Flows to quickly add a login flow.)

      • Click the + icon on the login flow if you wish to add an additional authentication step and repeat the above.

      • Turn on the Conditional Authentication toggle if you wish to customize authentication using a script.

        Note

        Refer to Add conditional authentication to learn more about conditional authentication scripts.

  3. Click Update to save the changes.

Manage Console roles

A role is a collection of permissions. You can create roles and assign users and groups to them so that they gain limited access to Console features. Follow the sections below to learn about managing Console roles.

Create a role

Important

Roles created here apply to the Console application only and serve solely to limit access to Console features. You can define organization-level roles and roles for other applications in User Management > Roles. Refer to Manage roles to learn more.

To create a role for the Console,

  1. Sign in to the WSO2 Identity Server Console as an administrator and click Console Settings.

  2. Select the Roles tab and click New Role.

  3. Provide the following details for the role.

    • Role Name: Provide a meaningful name that describes the level of access the role has to the Console, e.g. application:read.

    • Tenant Permissions: Select the permissions the role has for the root organization. For each Console component,

      • Select View if you wish to assign read permissions for the component.
      • Select Edit if you wish to assign read, create, update and delete permissions for the component.

    • Organization Permissions: Select the permissions the role has for the child organizations. For each Console component,

      • Select View if you wish to assign read permissions for the component.
      • Select Edit if you wish to assign read, create, update and delete permissions for the component.

    Note

    When choosing tenant and organization permissions, selecting View or Edit for a given Console component gives the role access to several scopes pertaining to it. For example, if you select Applications and assign the View permission, the role will be assigned the following scopes.

    (Figure: Scopes assigned for a given permission for a Console component)

  4. Click Add to save the role.

Assign users/groups to a role

To assign a user or a group to a role,

  1. On the WSO2 Identity Server Console, click Console Settings.

  2. Go to the Roles tab and select the role you wish to assign.

  3. Do one of the following:

    • To assign a user:

      • Go to the Users tab and click Assign Users.

      • Choose a user store and select the relevant user.

      • Click Update to assign the user.

    • To assign a group:

      • Go to the Groups tab.

      • Select a relevant local group.

      • Click Update to assign the group.

Delete a role

To delete a role:

  1. On the WSO2 Identity Server Console, go to Console Settings > Roles.

  2. Click the trash icon next to the role you wish to delete.

  3. Select the checkbox and confirm your action.

Manage administrators

Users who are assigned to one or more of the Console roles created above are listed under the Administrators tab in Console Settings. For instructions on managing administrators, refer to Manage administrators.