Overview

The purpose of this web application is to provide an easy-to-use interface for the most common "tier 1" support task, typically performed by a Help-Desk function in a company IT organization.

This Web application is designed for internal (corporate) use and includes several self-management features like:

  • Activate users for OpenOTP use
  • View and manage account information such as email, mobile phone numbers, etc...
  • Reset LDAP password
  • Send password reset or token registration links
  • Enroll, re-synchronize and test a Software / Hardware Token or Yubikey
  • Manage user certificates
  • Manage SSH keys (SpanKey)

Administration Help Desk web application must be installed on your WebADM server(s) and can be accessed through WAProxy or another reverse proxy configured with WebADM.

Please see the Helpdesk Installation and Configuration for further details.

The HelpDesk application is accessible via the following address:

https://webadm_server_address/webapps/helpdesk/login_uid.php

and through the WAProxy it is:

https://waproxy_or_reverse_proxy_address/helpdesk/login_uid.php

Dashboard

Log in to the Help Desk application portal using an administrator account defined in the Help Desk configuration. After logging in, you will be directed to the home page, which looks like this:

helpdesk

When searching for a user, the LDAP search is based on the attributes configured in the User Search Attributes and User Search Scope settings. You must type at least 3 characters for the search to be automatically triggered and auto-fill the response if only one account matches your search. If multiple accounts match, a dropdown list containing the matching accounts will be displayed.

helpdesk

Once the account is found, click the Select button to access the account details.

User Activation

If the user account is not yet activated (licensed), you must activate it before proceeding with any other actions in the Help Desk portal.
Click on Activate button:

helpdesk

After activating the account, you will be taken to the user's Dashboard (Home) page.

helpdesk

OTP Tokens management

Click on the OTP tab for the user you want to register an OTP token. The following page will appear, with available actions based on the permissions set in the Help Desk configuration.

helpdesk

In the User Security Token/Keys section, click the Add Token button to begin the token registration process.

If you have not configured a Default Token Type in your Helpdesk settings, you will be prompted to choose the type of token you want to register.

helpdesk

If you have configured a Default Token Type in your Helpdesk settings, it will be pre-selected for registration.

helpdesk

The user can scan the QR code to enroll their OTP token. They must optionally provide the One-Time Password and click Register if the token is not a Push Token.

If Push Token mode is enabled, the enrollment process will proceed automatically after scanning the QR code with the OpenOTP Token application. With Push Token mode enabled, you can also:

  • Submit the QR code enrollment by email.
  • Download the QR code.

In both scenarios, the enrollment session associated with the QR code is protected by a PIN code, which must be configured and which is valid for the duration specified. Once the enrollment is complete, you will return to the previous screen. Click on the Home tab to return to the user profile view and see the enrolled token.

helpdesk

To enroll a hardware token, it must first be inventoried in WebADM. Simply provide the token's serial number, assign it to the user account, and click Register.

helpdesk

To enroll a YubiKey token, it must first be inventoried in WebADM or registered with the YubiCloud validation server. If using the YubiCloud validation server, it must be configured in the OpenOTP settings beforehand. Complete the enrollment by pressing the YubiKey.

helpdesk

For enrolling any other token types, follow the provided instructions.

helpdesk

To remove a token from the user account, click the trash icon next to the corresponding token.

FIDO2 & PassKeys management

Click on the FIDO tab for the user you want to register a FIDO2 token or PassKey. The following page will appear, with available actions based on the permissions set in the Help Desk configuration.

helpdesk

You can optionally provide a Friendly Name to identify the device you are registering. Then, click the blinking orange message to start the FIDO registration process.

Depending on your web browser, the options may vary. For example, when using Safari on a macOS device, you might see several enrollment choices:

  • Use the iCloud Keychain
  • Use a Passkey from iOS or Android devices
  • Use a security key

Select the option you prefer and follow the prompted instructions.

helpdesk

After the enrollment, you will see the registered device listed.

helpdesk

After registering a FIDO2 security key, a second device will appear in the list of registered devices:

helpdesk

To remove a FIDO or Passkey from the user account, click the trash icon next to the corresponding enrollment.

SSH Keys management

Click on the SSH tab for the user you want to register an SSH key for Spankey usages. The following page will appear, with available actions based on the permissions set in the Help Desk configuration.

helpdesk

The SSH key can be directly registered by the Help Desk administrator, who will then provide the key to the end user. Alternatively, the administrator can submit a SelfReg link, granting the end user access to the User Self-Registration portal, where they can enroll their key themselves. Of course, the Self-Registration portal must be installed and configured to allow SSH key registration.

In the example below, we select the option to generate an SSH key. If permitted by yatour Help Desk and Spankey server configurations, you can configure the Key Format and Key Length. Additionally, the key can be protected by a password. If a password is configured, you will need to provide it when using the SSH private key to log in to a system. Choose your export format and click Register

helpdesk

After the registration process, you will be redirected to the SSH tab view.

helpdesk

To remove an SSH from the user account, click the Remove Key button.

User Certificate management

Click on the PKI tab for the user you want to register an SSL certificate. The following page will appear providing you the following options:

  • Download the CA certificate (WebADM CA certificate);
  • Import a certificate;
  • Add a new certificate
helpdesk

When adding a new certificate, you can optionally provide:

  • A validity period in days. If not specified, it will default to the values configured in the Rsignd settings.
  • Enable S/MIME for email signing and encryption.
  • Enable Smartcard login support for the certificate.

Configure the desired settings and click the Add New Certificate button. The p12 bundle will be automatically downloaded and protected by a password

helpdesk

The password will be displayed at the bottom of the page after the certificate has been issued.

You can remove or renew the certificate by clicking the trash or renew icons. To download the public part of the certificate, click the Download icon. The private key of a registered certificate can not be re-downloaded.