Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Installation Guide

1. Overview 2. Preparing the Storage of Security Data in the LDAP Directory
2.1 Active Directory 2.2 Active Directory + ADAM or AD LDS 2.3 OpenLDAP 2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server 2.5 Novell eDirectory 2.6 IBM Tivoli Directory Server 2.7 Deploying a Workstation LDAP User Account
3 Installing Quest ESSO Controllers and Audit Databases 4 Installing and Configuring the Software Modules on the Workstations 5 Enabling the Self Service Password Request (SSPR) Capability 6. Enabling OTP Authentication 7 Enabling the Group Membership Modification Feature 8 Centralizing Parameters Using Group Policy Objects (GPO) 9 Installing Quest ESSO MSI Packages in Silent Mode Appendix A: Advanced Configuration: Audit Appendix B: Activating Traces Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge

1. Overview

Quest ESSO solution enables you to deploy a high level of security. It uses the corporate LDAP directory of your company to manage single sign-on (SSO) on this distributed LDAP architecture.
This guide explains how to install Quest ESSO (Quest ESSO gathers Advanced Login and Quest ESSO SSOWatch modules).

1.1 The Quest ESSO Software Suite

1.1.1 The Quest ESSO Security Services

Quest ESSO is composed of several software applications, which are running through a middleware, called the Quest ESSO Security Services. It is a Windows service, which is automatically installed during the Quest ESSO installation process. It provides the following services:
The Quest ESSO applications do not run directly with the LDAP directory of your company with your users’ tokens. All the operations are performed by the Security Services, in a secure system environment.

1.1.2 Quest ESSO Components

SSOWatch is the single sign-on (SSO) engine. It is installed on the client workstations. This software module offers many optional components.
Advanced Login software module allows you to enforce users’ authentication and to use other authentication sources than Active Directory. When installed, it is used instead of the standard Windows log on dialog box.
Advanced Login allows users to log on their workstation using several authentication methods, as login/password, smart cards, or biometrics authentication methods.
The Quest ESSO Controller is an administration server that enables the management of administration profiles.
The administration actions are not directly sent from the workstations to the LDAP account of the Quest ESSO administrator, but through the Quest ESSO Controller: upon the Quest ESSO installation, you will have to define an LDAP account that will be used by the Quest ESSO Controller to perform any Quest ESSO administration action on the LDAP directory.
You do not have to set different ACLs depending on the Quest ESSO administrators. You just have to set ACLs only once, on the LDAP account used by the Quest ESSO Controller, which manages the administration requests depending on the administration profiles defined using Quest ESSO Console.
The Quest ESSO Controller runs also as the Quest ESSO audit server. It retrieves audit information of the Quest ESSO workstations in an SQL database. The pieces of audit data are available through Quest ESSO Console, either globally, or contextually (that is depending on the selected audited Quest ESSO object).
Quest ESSO Console is a centralized administration and audit consultation tool that can be installed on any Quest ESSO workstation client. This administration console allows you also to define extended security policies by managing Access Points, and by defining authentication scheduling.
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating