Configure security settings for Clients

In the Management Portal at Setup > Clients, configure security settings for Mobile and Windows Clients.

Mobile Clients

With the Mobile Client, mobile employees can view, request and manage corporate applications and services from their iOS or Android mobile device. Managers can easily use the Mobile Client to approve requests for services and order relevant services on behalf of employees.

Users can secure access to the Identity Director app with a PIN code. In the Management Portal, you can make usage of this PIN code mandatory. Alternatively, you can force users to provide their credentials when they start their app. This helps you to prevent scenarios in which unauthorized people have access to your environment if a mobile phone or tablet is lost or stolen.

Users can download the Mobile Client from the Apple App Store (iOS) and Google Play Store (Android), where they can find the app as Identity Director.

Item Explanation and Tips
Remember sign in settings Enable this option to allow users to save their credentials, so they do not have to provide them each time they start the Identity Director app.
This shows the Remember me option on the sign-in page of the app.
Force PIN validation when signing in Enable this option to force users to provide a PIN code when they start the app. This overrules the Remember me option on the sign-in page of the app.
  • Users can secure their app with a PIN code by selecting the Security PIN option in the Settings of the app. Users then need to provide a 4-6-digit PIN, which is stored on the user's phone. After this, they need to provide this PIN each time they start the app. If they forget the PIN, users can get access to the app by reinstalling it, after which they need to secure the app again. If you select the option Force PIN validation when signing in, the option Security PIN option is selected automatically and read-only. User who did not yet secure the app with a PIN need to generate it when they start the app.
  • This option is disabled by default.
Allow biometric identification Enable this option to allow identification using fingerprint sensors, face recognition (etc.) in the Mobile Client.
Inform users about Mobile Clients on Web Portal sign-in page

You can promote the usage of the Mobile Client on the sign-in page of the Web Portal.
Clear the option to disable it, for example because business compliance does not allow users to interact with Identity Director via a mobile device.


This option is disabled by default.

Windows Clients

The Windows client can display messages, facilitate the Password Reset and Unlock Account features, and give access to the Web Portal.

Item Explanation and Tips
Remember sign in settings Enable this option to allow users to save their credentials, so they do not have to provide them each time they logon to their computer.
This unlocks the Remember me option on the sign-in message of the client.
Require password entry after Users must enter their password after the selected number of days.
Require password entry if user has been inactive for Users must enter their password after they did not use the Windows client for the selected number of days.
This is also the case if the interval for Require password entry after has not yet expired.

Web Portal shared access policy

The keys listed here are used to secure communications between the Windows Clients and the Web Portal. Both the Primary Key and the Secondary Key can be used, but only one can be used on a client.

Configuration during installation of the clients

Use the public property WEBPORTALSHAREDACCESSKEY
See also Unattended Installations.

Configuration of already installed clients

Use the following command line on every machine running the Windows client:
resocw.exe /config /silent /webPortalSharedAccessKey=<primary_or_secondary_key>

Privacy Policy

The Privacy Policy notification can help you make the Web Portal and Mobile Client GDPR-compliant, by displaying a cookie notification and a link to a Privacy Policy.
Please consult with the legal department of your organization, if displaying the notification is necessary.

The notification will appear only at the first visit, unless cookies are removed or not stored.

Item Explanation and Tips
Enabled Enable the notification. By default, it is disabled.
Title The title that is displayed in the notification.
Policy URL The URL to the Privacy Policy. The notification contains a button that uses this URL.
By default, the URL will link to the Ivanti Privacy Policy

Message

The message that is displayed in the notification.

The styling options allow you to create the appropriate look for he notification.

You can restore the fields in the table above to their default values by using Reapply default text.

Translations (Privacy Policy only)

Use the Translations tab to view the set of supported languages, and to export and import service properties file (RESX) for each supported language.

This tab is only available if you have enabled translations at Setup > Translations.

Configuration

Field Explanation and Tips
Default language The language that has been set as default at Setup > Translations
Click Download resx service properties to export the RESX of the default language and use it as the basis of translations for the other supported languages.
Other supported language(s) List of other languages that have been enabled at Setup > Translations.
  • Each supported language uses the default language if you do not upload a RESX file.
  • Click Reapply default language to reapply the default language.
  • Click Download resx service properties to export the RESX of the language to make adjustments to the translation.
  • Click Import resx file to import the RESX of the language. This ensures that custom labels are translated in the correct language.

The name of the exported RESX file has the format <name>_<language_abbreviation>.resx.

See also