Web Portal Manager
Security Verify Access has both command-line and graphical interface interfaces for managing domains, users, groups, permissions, policies, and other resources in the enterprise. The command line interface, pdadmin, is installed as part of the runtime package. The graphical user interface is a management console, called Web Portal Manager. Although we can manage the enterprise through either interface, only a subset of the management tasks can be completed through Web Portal Manager. To compare the mapping between the pdadmin utility and Web Portal Manager tasks, see pdadmin to Web Portal Manager equivalents. Another difference that when we use the pdadmin utility, we can specify a file, allowing us to automate certain management tasks by writing scripts. With Web Portal Manager, we cannot specify a file name. In some cases, however, we can copy and paste the contents of the file.
Online help
Instructions for completing tasks with Web Portal Manager are documented in the online help system. To access the online help:
- Use Web Portal Manager to log on to the domain.
- Select a task such as Group > Import Group.
- In the task title bar, click the question mark icon on the right side of the page. A help window contains the online information for completing the task.
Mitigate cross-site request forgery attacks
To help mitigate cross-site request forgery (CSRF) attacks in Web Portal Manager, a token has been added to certain Web Portal Manager requests. This token modifies the URL to the Web Portal Manager web pages. An error is returned if the token is missing from the request or does not match the real session token. A CSRF attack is a type of malicious web site attack that is sometimes called a one-click attack or session riding. This type of attack sends unauthorized requests from a user the website trusts. CSRF uses the trust that a site has in the browser of an authenticated user for malicious attacks. CSRF uses links or scripts to send involuntary HTTP requests to a target site where the user is authenticated.
Parent topic: Verify Access Platform and Supporting Components administration