Enterprise Single Sign-On 8.0.6 - Installation Guide

1.2 Quest ESSO Architecture

The following illustration shows the interactions between the components of the Quest ESSO software suite, the corporate LDAP directory, and applications.
The Security Services components are installed on the Quest ESSO workstations (end-user and administration workstations). They run as clients of the Quest ESSO Controller and provide the following functions:
- Administration of the Quest ESSO security objects.
- Authentication of Quest ESSO users to their corporate LDAP directory, either through their usual authentication interface or through Advanced Login if it is installed on the workstation.
Authentication allows Quest ESSO users to:
- Get cipher keys to secure their stored SSO data. Each Quest ESSO user has a unique key pair.
The Quest ESSO Controller gathers all the audit events sent by the Quest ESSO workstations in an SQL database. The link between the Quest ESSO workstations and the Quest ESSO Controller is secured (SSPI). An audit cache located on the Quest ESSO workstation manages network flows and stores the audit events if the workstation is disconnected from the network.
In disconnected mode, administration actions are no longer carried out by the Quest ESSO applications (through the Security Services running as clients of the Quest ESSO Controller), but directly by the Quest ESSO Controller.

1.3 Quest ESSO and Your Corporate LDAP Directory Infrastructure

Because Quest ESSO works directly with the directory already in place to deploy the SSO policies, you must take your directory infrastructure into account before starting the installation process. The following sub-sections introduce the Quest ESSO concepts related to directory infrastructure and provide examples that may correspond to your situation.

1.3.1 Separation of the Quest ESSO Data

For example, if you are using an Active Directory infrastructure, you can use an ADAM/AD LDS directory to store the Quest ESSO configuration and the SSO data. In this mode, the Active Directory service is the identities directory, and ADAM/AD LDS is a directory dedicated to Quest ESSO and used to store Quest ESSO data.
The following illustration shows a Quest ESSO architecture using an Active Directory service combined with a Quest ESSO dedicated ADAM/AD LDS infrastructure.

1.3.2 Inter Domain and Multi Domain

This section introduces two Quest ESSO-specific concepts that apply to Active Directory infrastructures: inter domain and multi domain.
The inter domain concept refers to the Quest ESSO users. It consists of setting up Quest ESSO so that a user of one domain can authenticate on workstations of another domain.
For example, to set up Quest ESSO inter domain, you must meet the following requirements:
The multi domain concept refers to the Quest ESSO administrators. It consists of setting up Quest ESSO so that a Quest ESSO administrator can manage several domains at the same time using the Quest ESSO administration console.
The following illustration shows a Quest ESSO solution running in a multi domain configuration.