Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Installation Guide

1. Overview 2. Preparing the Storage of Security Data in the LDAP Directory
2.1 Active Directory 2.2 Active Directory + ADAM or AD LDS 2.3 OpenLDAP 2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server 2.5 Novell eDirectory 2.6 IBM Tivoli Directory Server 2.7 Deploying a Workstation LDAP User Account
3 Installing Quest ESSO Controllers and Audit Databases 4 Installing and Configuring the Software Modules on the Workstations 5 Enabling the Self Service Password Request (SSPR) Capability 6. Enabling OTP Authentication 7 Enabling the Group Membership Modification Feature 8 Centralizing Parameters Using Group Policy Objects (GPO) 9 Installing Quest ESSO MSI Packages in Silent Mode Appendix A: Advanced Configuration: Audit Appendix B: Activating Traces Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge

4.1.1 Quest ESSO Configuration with Active Directory

The following table explains how to configure Quest ESSO workstation to work with Active Directory.
In the Customer ID field, type your Customer ID provided by your Quest Software representative.
Click Import to select your licence key file.
Click Next.
In the Customer ID field, type your Customer ID.
Click Next.
Select with a Controller.
Click Next.
Select Microsoft Active Directory.
Click Next.
Click Next.
Click Next.
Clear Manage access-points if you do not want that Quest ESSO manages access points (for more information on access point management see Quest ESSO Console Administrator Guide).
Default: Manage access-points selected.
Click Next.

4.1.2 Quest ESSO Configuration with a User Database or Directory other than Microsoft Active Directory

The following table explains how to configure Quest ESSO workstation to work with a User Database or Directory other than Microsoft Active Directory.
In the Customer ID field, type your Customer ID provided by your Quest Software representative.
Click Import to select your licence key file.
The licence keys are saved and appear in the table.
Click Next.
In the Customer ID field, type your Customer ID.
Type the licence keys in the corresponding field and click Add.
The licence keys are saved and appear in the table.
Click Next.
Select with a Controller.
Click Next.
Click Next.
Click Next.
Click Next.
To synchronize passwords from the SAMBA controller to the OpenLDAP server, select Passwords are synchronized only from MS Windows domain to LDAP server and fill in the Netbios names of the SAMBA domain and the SAMBA controller.
To manage SAMBA computer object, select Integrate with SAMBA computer objects.
Click Next.
Clear Manage access-points if you do not want that Quest ESSO manages access points (for more information on access point management see Quest ESSO Console Administrator Guide).
Default: Manage access-points selected.
Click Next.

4.2 Installing Microsoft Redistributables

Before installing a Quest ESSO Client or Controller, you must install Microsoft Visual C++ 2005 Redistributables as explained in the following procedure.
The Microsoft Visual C++ 2005 Redistributables are delivered as installation packages using the Microsoft Windows Installer (MSI) format.
1.
2.
In the Select a task list, select Install software modules.
3.
In the Software Installation task list, click Install Microsoft Redistributables and follow the displayed instructions.
If Microsoft Redistributables are already installed on the workstation, the Install Microsoft Redistributables link does not appear.

4.3 Installing a Quest ESSO Client

The Quest ESSO Client installation wizard allows you to install simultaneously all the Quest ESSO software modules on a workstation.
The Quest ESSO software modules are:
Advanced Login is the authentication software module.
SSOWatch module is the secure single sign-on (SSO) software module. You can install it on a single workstation or deploy it on all the workstations of an enterprise network. This section explains how to install it on a workstation.
Quest ESSO Console is the administration console. This module can be installed on any client workstations, together with the File Encryption software module.
The Quest ESSO Client is delivered as installation packages using the Microsoft Windows Installer (MSI) format.
In interactive mode: follow the instructions of the installation wizard, as described in the following procedure.
In silent mode: command line options allow you to specify installation options for each of the installation package: see 9., "Installing Quest ESSO MSI Packages in Silent Mode".
1.
2.
In the Select a task list, select Install software modules.
3.
In the Software Installation task list, click Install Quest ESSO Client.
The Quest ESSO Client installation wizard appears.
If you have installed Advanced Login, the Advanced Login authentication window appears.
Advanced Login: Advanced Login software module installation, which includes the following selectable features:
The selection of the Advanced Login features is not available on Windows XP and Windows Vista.
SSPR authentication: users who forgot their password must answer security questions to open a session. For more information, see  Advanced Login Self Service Password Request Administrator Guide.
You can select only this option (without any other listed under the Advanced Login node) to enable SSPR while keeping the standard Windows authentication.
On Windows 7/2008 clients, this option can be combined with Integration with Windows Authentication (see below) to add the SSPR option to the Smart Card Logon mode.
Cluster and transparent locking: this feature must be installed to enable the cluster mode and the transparent locking. For more information, see  Administrator Guide for Cluster Mode of Advanced Login.
SSOWatch: SSOWatch software module installation, which includes the following selectable features:
Biometrics Enrollment tool: installs the biometrics enrollment wizard on the workstation, which allows a user to enroll his/her biometric data for fingerprint authentication. For more information on the Quest ESSO biometrics feature, see Advanced Login for Windows User Guide.
Integration with Windows Authentication: launches transparently SSOWatch module of Quest ESSO at session startup using the user Windows credentials. If this feature is not installed, SSOWatch module of Quest ESSO will be launched automatically, but it will ask the user for his/her credentials.
If you select this option to implement the Smart Card Logon mode, note that by default, this feature supports only the Microsoft Credential Provider tile. On Windows 7 and 2008 systems, you can extend smart card logon to non-Microsoft credential providers, by creating under HKLM\Software\Enatel\WiseGuard\FrameWork\ Authentication the following value;
Value name: AltSmartCardCredentialProviders
Value type: REG_SZ (String value).
Data: the credential provider GUID.
(example:
{6012D512-EEBB-41E2-8842-28611CD7FE9E}). For information on the credential provider GUID, see the vendor documentation.
Old IE Plugin: this deprecated Internet Explorer plug-in must only be installed for compatibility reasons with the previous Quest ESSO versions.
Java plugin: allows SSOWatch module of Quest ESSO to access Java applications
If you select this feature, make sure a supported Java version is already installed on your workstation.
If you update your Java version, SSOWatch module of Quest ESSO must be reinstalled.
Personal SSO Studio: allows a single user to configure the applications for which he/she wants to enable SSO.
Enterprise SSO Studio: this feature is dedicated to administrators: the SSO configuration is shared by a number of users.
Multi User Desktop: provides a single Windows Desktop to display all the user applications and launches a single instance of SSOWatch engine. For more information, please refer to Advanced Login Session Management Administrator Guide.
This option is incompatible with Advanced Login and Integration with Windows.
Public Access FUS: allows authorized users to share a workstation without having to restart a Windows session. On smart card, RFID badge or fingerprints detection, Quest Enterprise SSO prompts the user to type his/her PIN code or password and starts the SSOWatch engine. The engine stops at smart card or RFID badge withdrawal, or fingerprints detection.
This option is incompatible with Advanced Login and Integration with Windows
Quest ESSO Console: Quest ESSO Console software module installation.
If Quest ESSO Console has already been installed on the machine (with the Quest ESSO Controller), the Quest ESSO Console feature does not appear in the window.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating