Overview
The purpose of this web application is to provide an easy-to-use interface for common "tier 1" support tasks, typically performed by a Help Desk within a company's IT organization.
This web application is designed for internal (corporate) use and includes several self-management features such as:
- Activate/license users
- View and manage account information such as email, mobile phone numbers, etc.
- Reset LDAP password
- Send password reset or token registration links
- Enroll, re-synchronize and test software, hardware and YubiKey tokens and FIDO2/Passkey devices
- Manage user certificates
- Manage SSH keys (SpanKey)
The Administration HelpDesk web application must be installed on your WebADM server(s) and can be accessed through WAProxy or another reverse proxy configured with WebADM.
Installations
The installation of the Administration Help Desk is straightforward and only consists of running the self-installer or installing it from the RCDevs repository.
RPM Repository
On RPM-based systems, you can use the RCDevs repository, which simplifies updates.
Clean the dnf cache and install the Administration HelpDesk (HelpDesk):
dnf clean all
dnf install helpdesk
The Administration Help Desk application is now installed.
Debian Repository
On Debian-based systems, you can use the RCDevs repository, which simplifies updates.
Refresh the package cache and install the Administration Help Desk (HelpDesk):
apt update
apt install helpdesk
The Administration Help Desk application is now installed.
Self-Installer
Download the Administration Help Desk package from the RCDevs website, copy it to your WebADM server(s) and run the following commands:
[root@webadm1 tmp]# gunzip helpdesk-1.1.3.sh.gz
[root@webadm1 tmp]# sh helpdesk-1.1.3.sh
HelpDesk v1.1.3 Self Installer
Copyright (c) 2010-2024 RCDevs SA, All rights reserved.
Please report software installation issues to bugs@rcdevs.com.
Verifying package update... Ok
Install HelpDesk in '/opt/webadm/webapps/helpdesk' (y/n)? y
Extracting files, please wait... Ok
Removing temporary files... Ok
HelpDesk has been successfully installed.
Administration Help Desk is now installed and can be configured under the WebADM Admin GUI.
Administration Help Desk Configuration
Once the package is installed, the web application must be enabled and configured in WebADM. Log into WebADM as Administrator and navigate to Applications Tab > Self-Service > Administration Help Desk (HelpDesk) > Register.
The registration action creates the configuration object inside the WebADM config container. Once the object is created, you can begin configuring the Help Desk application.
Click the Configure button to access the Help Desk configuration. The first section contains the default Web Application Settings, similar to other web applications provided by RCDevs. Since the Administration Help Desk application provides administrative access to the system, it is strongly advised to limit access to it to trusted networks only and to protect the login with a second factor. With this in mind, the application can be published through the WebADM Publishing Proxy with the setting Publish on WAProxy. This setting is only available when WAProxy is configured with WebADM.
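One way to check that the trusted-network restriction advised above is actually holding, as an added example (not RCDevs code): the script scans reverse-proxy access logs for Help Desk requests coming from outside the trusted networks. The URL prefix `/webapps/helpdesk`, the trusted CIDR ranges, the combined log format and the sample lines are assumptions constructed for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the original page): the URL prefix under which the
# reverse proxy exposes the application, and the trusted admin networks.
HELPDESK_PREFIX = "/webapps/helpdesk"
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines; outside clients use documentation ranges.
SAMPLE_LOG = """\
10.20.3.14 - - [12/Mar/2024:09:01:10 +0000] "GET /webapps/helpdesk/ HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2024:09:02:44 +0000] "GET /webapps/helpdesk/ HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:09:02:51 +0000] "POST /webapps/helpdesk/ HTTP/1.1" 403 210
198.51.100.23 - - [12/Mar/2024:09:05:00 +0000] "GET /webapps/other/ HTTP/1.1" 200 900
not a log line
192.168.50.8 - - [12/Mar/2024:09:06:30 +0000] "GET /webapps/helpdesk/ HTTP/1.1" 200 5120
"""

def is_trusted(ip_text):
    """True if the client address falls inside one of TRUSTED_NETS."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable client field is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_helpdesk_hits(log_text):
    """Return (per-IP Counter, hit list) for Help Desk requests from untrusted sources."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        # Match the prefix itself or anything below it, not look-alike paths.
        if path != HELPDESK_PREFIX and not path.startswith(HELPDESK_PREFIX + "/"):
            continue
        if not is_trusted(m["ip"]):
            hits.append((m["ip"], m["ts"], m["method"], m["status"]))
    return Counter(h[0] for h in hits), hits

if __name__ == "__main__":
    print(untrusted_helpdesk_hits(SAMPLE_LOG))
```

A hit with a 2xx status means the request reached the application from an untrusted address, so the restriction is not effective for that path; a 403 shows the proxy rejecting it.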
The next section contains the main configuration of the application.
The Admin Groups setting must be configured before the application can be used. This setting is specific to each deployment, so there is no default value. To configure it, click the Select button; the LDAP tree on the left will become selectable. From there, click the group(s) that should have access to the Help Desk portal. In this example, integrated with Active Directory, the Domain Admins group will be used, but you can create a dedicated group or use another existing one as needed. In that section, only this setting is mandatory. All the Administrator groups must be defined at the application configuration level. The administrators trying to access the Help Desk portal must be activated in WebADM.
The User Search Scopes setting can be defined at various levels, including the default configuration, user settings, and group settings. Multiple scopes can be configured, and they follow the same hierarchical logic as policies in WebADM. If this setting is overridden at a higher level, it will take precedence over values from lower levels. For large organizations with multiple offices or companies, where user administration needs to be segregated per company or per office, it is advisable to define this setting at the group level.
The User Search Attributes setting is also mandatory, but it comes with default values. This setting defines the LDAP attributes that are searched when you perform a user search in the Administration Help Desk portal. It is important to adjust this setting to match the attributes that are most relevant for searches within your LDAP directory.
The next section, named Allowed Features, allows you to define which features will be available through the Help Desk portal.
The Allow User Activation setting enables Help Desk administrators to activate and deactivate users in terms of licensing. Deactivating a user will remove WebADM data and settings stored in the user’s account.
The Allow User Infos Management setting enables Help Desk administrators to edit certain user attributes, such as mobile number, email address, and preferred language.
The Allow OTP Management setting allows Help Desk administrators to configure an authentication method for a user account. This setting is defined at the user level in WebADM and may be overridden by settings enforced at a higher level, such as client policy levels.
The Allow SSH Management setting enables Help Desk administrators to configure private key settings, such as key format and length, when issuing an SSH key pair. If not specified, these settings will be inherited from the SpanKey server configuration.
The Allow PKI Management setting enables Help Desk administrators to manage end-user certificates, including issuing and revoking certificates for users.
The Allow Webapp Access Unlock setting allows Help Desk administrators to unlock access to specific web applications, such as Secure Password Reset or the User Self-Service Desk, when access is locked by default in its configuration. This may require an unlock action from either a WebADM Administrator or a Help Desk administrator.
The Allowed OTP Methods setting is linked to the Allow OTP Management setting. When Allow OTP Management is enabled, you can specify which types of authentication methods can be configured for a user. However, if this setting is defined at the user level in Help Desk, it may be overridden by settings enforced at a higher level, such as client policy levels.
The Allowed Self-Registration setting defines which types of registrations can be performed by a Help Desk administrator:
- Token: Refers to all software or hardware tokens.
- LIST: Refers to OTP lists.
- FIDO: Refers to FIDO2 security keys or PassKeys.
- APPKEY: When a client policy is configured with the Application Password setting, a password for that specific application can be generated.
- SSHKEY: Refers to SSH key pairs that can be issued for SpanKey usage.
The Max Tokens Per User setting defines the maximum number of tokens that can be registered for a user through the Help Desk application.
We are now entering the OTP Token Management section.
The Allowed OTP Token Type setting lets you limit which types of OTP tokens can be registered through the Help Desk portal. Select the token types you wish to allow.
The Default Token Type setting enforces a default view on the selected token type. For example, if QRCODE-TOTP is selected, when a Help Desk administrator attempts to add a token for a user, the focus will automatically be on QRCODE-TOTP. The administrator will need to click the Back button to register a different Token Type.
The Automatically Send PIN setting can be used when Push Token QR Codes are sent by email to end users. In this scenario, the QR code is an enrollment QR code and is protected by a PIN. The PIN must be entered after scanning the QR code with the OpenOTP Token application to complete the token enrollment.
The PIN message is the message sent with the PIN that protects the QR code. You can customize it if desired.
The settings under Emergency OTP Management define the availability and duration of Emergency OTPs when they are registered through the Administration Help Desk.
The settings under SSH Key Management define which types of SSH keys can be registered.
The settings under Message Templates allow you to customize the message attached to a QR code enrollment request sent by email to the end user.
The Mail Attachment setting provides the ability to attach a PDF to the email sent to the end user for enrollment requests.
In the Misc Settings section, you can configure the support email address.