10.3 Deployment Strategy

This section provides deployment details for enabling Access Manager business-to-consumer (B2C) access management capabilities. It also provides the high-level deployment flow.

The following diagram illustrates how Self Service Password Reset and Advanced Authentication are integrated with Access Manager:

Integration of Access Manager with Self Service Password Reset enables consumers and partners to perform self-registration, self-registration using social login information, account management (passwords, profile), and account deletion.

Integration of Access Manager with Advanced Authentication enables multi-factor authentication when a user tries to log in from an unregistered device.

IMPORTANT: Access Manager 4.4 requires Self Service Password Reset 4.2 and Advanced Authentication 5.6 Patch 1 to enable B2C access management capabilities.

In the Deployment Workflow, you can use the following base URLs to deploy a standard B2C access management environment:

  • B2C login URL: https://www.b2c.com/portal

  • User portal URL: https://idp.b2c.com:8443/nidp/portal

  • Access Gateway hosting Self Service Password Reset URL: https://www.b2c.com/sspr/

  • Access Gateway hosting Advanced Authentication URL: https://aa.b2c.com/account/basic

IMPORTANT: Ensure that Access Manager, Self Service Password Reset, and Advanced Authentication use the same LDAP user store.

Deployment Workflow
  1. Set up the B2C login page.

    For more information, see Section 10.4, Setting Up the B2C Login Page.

  2. Configure the Self Service Password Reset and Advanced Authentication servers.

    For more information, see Section 10.5, Configuring Self Service Password Reset and Advanced Authentication.

  3. Configure services for the portal login page, Self Service Password Reset, and Advanced Authentication in Access Gateway.

    For more information, see Section 10.6, Configuring Services for Login Page, Self Service Password Reset, and Advanced Authentication in Access Gateway.

  4. Enable Self Service Password Reset and Advanced Authentication server integration in Identity Server.

    For more information, see Section 10.7, Enabling Self Service Password Reset and Advanced Authentication Integration in Access Manager.

    Specify the Advanced Authentication server details in Identity Server only when you want to use authentication methods from Advanced Authentication.

  5. Configure social authentication contracts.

    For more information, see Section 10.8, Configuring Social Authentication Contracts.

  6. Configure a device registration contract that uses an Advanced Authentication method for step-up authentication.

    For more information, see Section 10.9, Configuring Device Registration Contract.

  7. Configure email notifications to be sent when a user logs in using an unknown device. You can configure this option if you have configured a device registration contract.

    For more information, see Section 10.10, Configuring Email Server.