Protected self-service UIs

The plugin Loginapp >> UI Settings >> Protected Self-Service UIs configures UI components for protected self-services. These are arbitrary self-services that are only available after successful authentication (therefore the term protected).

Examples

  • Airlock 2FA device management
  • FIDO token registration
  • Cronto token management
  • mTAN token management
  • Change postal address
  • Change email address
  • Self-lock the user account
  • Manage logged-in browsers or devices.
  • Activate Digipass OTP token

Types of protected self-service UIs

There are two types of protected self-service UIs:

Type

Description

Flow

Flow-based self-services can implement any self-service flow. The flow UI settings provide UI components for each flow configured in the REST service settings.

Flow-based self-services are typically used to change data (e.g. assign or delete an authentication token, change user profile data, etc.).

Non-flow

Non-flow-based self-services are typically used to provide information about the user without changing data. Example: display Airlock 2FA tokens of a user.

Prerequisites

REST services backing the protected self-service flow UIs are configured in
Loginapp >> Protected Self-Services >> Protected Self-Service Flows.

REST services backing non-flow-based self-service UIs are configured in
Loginapp >> Protected Self-Services.

Flow-based self-service UIs

For each self-service flow in the REST service configuration, a Protected Self-Service UI plugin may be configured. Selected properties are described below. Please refer to the property documentation in the Config Editor for further information and on other properties.

Property

Description

Flow ID

Links the UI to a self-service flow.

Customized Step UIs

The UI is automatically inferred from the REST service configuration. This property allows specifying custom step UIs for each step in the flow.

Completion Target

Defines where to redirect the browser after the self-service flow has successfully completed.

This may be an internal page (e.g. Airlock 2FA device list), an external URL, or a target application. To go to a target application, use the corresponding Authentication Flow Redirect (it knows about authorization and identity propagation).

Cancellation Target

Defines where to redirect the browser if the self-service flow has been canceled.

 
Info

URLs of protected self-service flows

The URL for a self-service flow with ID <flow-id> is

<loginapp-uri>/ui/app/protected/select/flow/<flowId>

Non-flow-based self-service UIs

There is no generic approach to non-flow-based self-service UIs. Specific UI configuration are configured in Loginapp >> Loginapp UI >> Protected Self-Service UIs (e.g. Airlock 2FA).

 
Info

URLs protected non-flow services:

<loginapp-uri>/ui/app/protected/tokens/airlock-2fa/devices

<loginapp-uri>/ui/app/protected/tokens/mtan/

URIs of demo configuration

The demo configuration provides many pre-configured protected self-services. The URLs can be used to try them out in the browser.

 
Info

URLs protected services in the demo configuration:

Airlock 2FA token self-management

  • <loginapp-uri>/ui/app/protected/tokens/airlock-2fa/devices
  • <loginapp-uri>/ui/app/protected/select/flow/activate-app-device

Cronto token self-management

  • <loginapp-uri>/ui/app/protected/tokens/cronto/devices
  • <loginapp-uri>/ui/app/protected/select/flow/cronto-activation
  • <loginapp-uri>/ui/app/protected/select/flow/cronto-letter-order

mTAN token self-management

  • <loginapp-uri>/ui/app/protected/tokens/mtan/
  • <loginapp-uri>/ui/app/protected/select/flow/mtan-registration

Other self services

  • <loginapp-uri>/ui/app/protected/select/flow/password-change
  • <loginapp-uri>/ui/app/protected/select/flow/fido-registration
  • <loginapp-uri>/ui/app/protected/select/flow/address-change
  • <loginapp-uri>/ui/app/protected/select/flow/email-change
  • <loginapp-uri>/ui/app/protected/select/flow/vasco-activation
  • <loginapp-uri>/ui/app/protected/remember-me/devices
  • <loginapp-uri>/ui/app/protected/flow/self-lockout