Administration
Administration of the Unifyia platform is carried out by administrators. The administrator role is central and well defined, but the platform lets organizations customize an administrator's access privileges and responsibilities.
During deployment of the Unifyia platform, a default system (platform) administrator is created. Once the platform is up and running, this system administrator logs in and creates other administrators with appropriate access privileges, as well as the other privileged roles such as Sponsors, Registrars, Security Officers, Adjudicators, Identity Issuers, Helpdesk Operators and Operators, according to the organization's access policies. This account has elevated privileges and is responsible for setting up the system, configuring user roles, and creating the other administrative accounts the organization needs. More broadly, it configures the application's security, manages roles, and grants or restricts access based on the organization's needs, and it sets up the policies, configurations, integrations, and reports required to complete system setup.
The default system administrator first logs in with system-generated credentials (email and password). It is highly recommended that, during this initial login, the administrator register at least one passwordless authentication method so that the system-generated password does not remain the only way into this highly privileged account. Administrators can set a new password, register a passkey (FIDO2), or configure OTP-based login with an authenticator app such as Google Authenticator or Microsoft Authenticator. For detailed instructions, refer to the Administrator Login tutorial on setting up passwordless authentication.
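As an added example (not part of the Unifyia documentation or product code), the following shows how an OTP login with an authenticator app such as Google Authenticator or Microsoft Authenticator is verified on the server side under RFC 6238 TOTP, including the clock-drift window and the replay check a verifier should enforce. The parameters are the authenticator-app defaults (HMAC-SHA1, 6 digits, 30-second period) and are an assumption about the platform, not a documented setting; the secret is the RFC 4226/6238 test key encoded in base32, the form the apps expect in an enrollment QR code.

```python
"""TOTP (RFC 6238) generation and verification as used by authenticator apps.

Added example; assumes the authenticator-app defaults (HMAC-SHA1, 6 digits,
30-second period). Nothing here is Unifyia's own implementation.
"""
import base64
import hashlib
import hmac
import struct

# Constructed test secret: base32 of the RFC 4226/6238 key "12345678901234567890".
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32.upper(), casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    # Take 4 bytes at the offset, clear the top bit, reduce to the wanted number of digits.
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """TOTP (RFC 6238): HOTP with the counter set to the current time step."""
    return hotp(secret_b32, unix_time // period, digits)


def verify_totp(secret_b32, code, unix_time, last_counter=-1, window=1, digits=6, period=30):
    """Verify a submitted code. Returns the matched time-step counter, or None.

    window:       time steps of clock drift tolerated on each side (1 step = 30 s).
    last_counter: highest counter already accepted for this user. Codes at or below
                  it are rejected, so a captured code cannot be replayed inside the window.
    The caller must persist the returned counter as the new last_counter.
    """
    if len(code) != digits or not code.isdigit():
        return None
    current = unix_time // period
    for candidate in range(current - window, current + window + 1):
        if candidate <= last_counter:
            continue
        # Constant-time comparison so timing does not reveal how many digits matched.
        if hmac.compare_digest(hotp(secret_b32, candidate, digits), code):
            return candidate
    return None


if __name__ == "__main__":
    print(totp(TEST_SECRET_B32, 59))                                  # 287082 (RFC 6238 vector)
    print(verify_totp(TEST_SECRET_B32, "287082", 59))                 # 1
    print(verify_totp(TEST_SECRET_B32, "287082", 59, last_counter=1)) # None (replay rejected)
```

The window is a trade-off: one step each side tolerates phone clocks up to 30 seconds off, while every extra step multiplies the number of codes an attacker can guess per attempt, so rate limiting of failed attempts has to accompany it.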
Administrators implement the organization's user, identity, and access management policies within its overall identity and access management framework. Their primary responsibilities include:
Administrator General Responsibilities
- Customize the platform to align with the organization's branding guidelines.
- Upload an issuer content signing certificate to the database.
- Integrate directories to enable user federation.
- Configure certificate authorities for issuing digital certificates.
- Set up email and SMS services.
- Configure system-wide notifications for general and privileged users.
- Define and enforce role-based access management policies to ensure users have appropriate
permissions while maintaining data security and compliance.
- Establish sign-in policies for users.
- Develop and implement multi-factor authentication policies.
- Manage authentication mechanisms, including SSO solutions, to ensure seamless and secure
access to applications and systems.
- Configure passkey (FIDO2) policies to enable phishing-resistant, passwordless
authentication.
- Set up groups, device profiles, and visual designs.
- Configure workflows to define user provisioning, identity issuance, and credential lifecycle
policies.
Administrator Additional Responsibilities
- Integrate identity providers for identity federation.
- Integrate applications to enable single sign-on (SSO).
- Automate user provisioning and de-provisioning using the SCIM protocol for enterprise
integration.
- Use custom APIs to integrate Identity Providers (IdPs) for user provisioning.
- Establish and maintain an identity governance framework, including generating compliance
reports for periodic access reviews, monitoring user activity, and ensuring regulatory compliance.
- Investigate and resolve identity-related incidents, troubleshoot access issues, and support
privileged users in managing their access credentials.
Creating Privileged Users
The platform enables administrators to sponsor, enroll, manage, adjudicate, and disable privileged user
accounts, ensuring appropriate access levels throughout the user's lifecycle in the organization. They
can create and enroll additional administrators and privileged users in roles such as Sponsor,
Registrar, Security Officer, Adjudicator, Identity Issuer, and Helpdesk Operator, and assign the
appropriate privileges and lifecycle actions. Organizations can also define custom roles with specific
privileges, tasks, and actions within the scope of the platform's features. See the guide on creating
administrators and PIV role users.
Let's get started
| Task | Description |
| --- | --- |
| Branding | Customize the platform as per your organization's branding policies. |
| Content Signing Certificate | Upload an issuer content signing certificate that is used to sign the data written to containers on identity devices, ensuring data integrity and authenticity. |
| Directory Integration | Integrate directories such as Active Directory (AD) or LDAP-based directories for user federation. |
| Certificate Authorities | Integrate certificate authorities (CAs) for issuing digital certificates within a Public Key Infrastructure (PKI). |
| Notification Providers | Add an email server and SMS gateway for notifications. |
| Notifications | Configure system-wide notifications for users, operators, and administrators for timely updates and alerts. |
| Role-Based Access Control | Manage roles and access privileges. |
| Sign-in Policies | Learn about the available sign-in policies. |
| Multi-factor Authentication | Configure MFA for platform users and set the preferred order of the factors. |
| Passkeys (FIDO2) Policies | Configure registration and authentication policies for passkeys (FIDO2) as per the FIDO2 specifications. |
| Groups | Add groups so that multiple rules or policies can be assigned to users at once. |
| Device Profiles | Configure device management keys for identities such as smart cards, security keys, and digital identities on mobile devices. |
| Visual Designs | Configure designs for ID cards or electronic identities. |
| Workflows | Configure workflows for credential issuance. |
| User Management | Manage user onboarding and enrollment. Add administrators, PIV operators, and users and assign role privileges. Enroll users in bulk. Assign groups and workflows to define issuance policies. |
| Credential Management System | Issue the various identity devices and manage the lifecycle of the credentials issued. |
| Reports | Use the report generation module, which gives administrators and decision-makers access to the various compliance reports. |
| Integrate IdPs | Integrate IdPs such as Entra ID or Okta for SSO and identity federation. The platform supports OpenID Connect (OIDC) and Security Assertion Markup Language (SAML). |
| SCIM Provisioning | Use the SCIM-compliant APIs to integrate SCIM clients for centralized management of user data and identities across multiple domains or systems. |
| Enterprise Connections | Consume an external Identity Provider's (IdP) custom APIs for user provisioning. The platform currently supports Okta. |
| Integrate SSO Applications | Integrate SSO applications such as Entra ID and Okta for single sign-on. The platform supports SSO over OpenID Connect (OIDC) and Security Assertion Markup Language (SAML). |