After a manager sets up an Application Profile to configure authentication settings for an application and publishes cards to authorized members, the last step before members can start using the cards is configuring accounts for each member.
Configure Account Types
Shared Account
Multiple members can share a single account by setting the account type to Shared Account when publishing a card. The account is controlled by the password admin, who enters the login information on Junify. When the password admin leaves the organization, another manager might want to change the password for security reasons. If someone else changes the password for a shared account, they become the new password admin for the account.
Once an account is created as a shared account, managers can enable the 2FA (Two-factor Authentication) feature and the Secret Question feature in the Advanced Settings section, so that anyone who has access to the account can seamlessly log into it without needing a physical mobile device to receive the 2FA SMS or a piece of paper listing the answers to the secret questions.
Managers can also enable the Session Recording feature in the Access Policy section for better security. When the session recording feature is enabled, Junify records all the operations done on the application with the shared account, and managers can play back the session when necessary.
Per-User Account
If your members access an application with their own accounts, the account type should be Per-User Account. Junify provides two ways for organizations to manage the Username/Password, based on each company's security policy.
Here are the two methods to manage an account for each user:
1. Company Control
When the Company Control option is chosen, managers have to fill in the username and password (and sometimes more) for all authorized members whose credentials' password management type is set to Company Control. Unless managers adequately set up an account for a user, that user cannot log in to the application through Junify. Junify recommends this option because none of the authorized members will know the passwords, which is much more secure than traditional password management, where each member knows their password. We suggest the password admin set the password reset email address in the application to an admin address, so the end-user cannot reset their password.
SAML accounts are also part of Company Control; managers can enable this option when the Application Profile has been configured with the SAML authentication method.
2. Member Control
The Member Control option gives your authorized members a convenient way to manage and update their credentials. They can easily copy and paste the login information from the Application Card.
Access Policy settings
Besides the default access policy that is inherited from the Application Profile default setting, each account can also be configured individually.
- Restrict Location: Restrict access to the assigned geofence locations. The restriction can't be turned off when enabled from the application profile default settings, but the manager can add more geofences based on members' usage. Geofences must first be added under Location -> Manage Geofences.