Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Enterprise Single Sign-On 8.0.6 - Installation Guide

Table of Contents

1.1 The Quest ESSO Software Suite

1.1.1 The Quest ESSO Security Services 1.1.2 Quest ESSO Components

1.2 Quest ESSO Architecture 1.3 Quest ESSO and Your Corporate LDAP Directory Infrastructure

1.3.1 Separation of the Quest ESSO Data 1.3.2 Inter Domain and Multi Domain 1.3.3 Examples of Supported Active Directory Infrastructures

1.3.3.1 Multi-Domain Infrastructure 1.3.3.2 Active Directory + ADAM/AD LDS Infrastructure

2. Preparing the Storage of Security Data in the LDAP Directory

2.1 Active Directory

2.1.1 Global Installation Process within an Active Directory Infrastructure 2.1.2 Extending the Schema and Setting ACLs 2.1.3 Setting Indexes on Active Directory Attributes (Optional)

2.1.3.1 Indexes on Standard Attributes 2.1.3.2 Indexes on Quest ESSO Specific Attributes

2.1.4 Configuring Secure Authentication and Data Securization

2.2 Active Directory + ADAM or AD LDS

2.2.1 Extending the Schema of ADAM/AD LDS 2.2.2 Preparing the ADAM/AD LDS Instance Administrator Account 2.2.3 Setting ACLs on ADAM/AD LDS 2.2.4 Setting Indexes on ADAM/AD LDS Attributes

2.2.4.1 Setting Indexes on Standard Attributes 2.2.4.2 Setting Indexes on Quest ESSO Specific Attributes

2.2.5 Configuring Secure Authentication and Data Securization

2.3.1 Extending the Schema of an OpenLDAP Directory 2.3.2 Setting ACLs on an OpenLDAP Directory 2.3.3 Setting Indexes on OpenLDAP Attributes

2.3.3.1 Setting Indexes on Standard Attributes 2.3.3.2 Setting Indexes on Quest ESSO Specific Attributes

2.3.4 Integrating SAMBA 2.3.5 Configuring Secure Authentication 2.3.6 Configuring Data Securization

2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server

2.4.1. Extending the Schema of a Netscape iPlanet /Sun Java System /Red Hat / Fedora Directory Server 2.4.2 Setting ACLs on a Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server

2.4.2.1 Standard Storage Mode 2.4.2.2 Cooperative Storage Mode

2.4.3 Setting Indexes on Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server Attributes

2.4.3.1 Setting Indexes on Standard Attributes 2.4.3.2 Setting Indexes on Quest ESSO Specific Attributes

2.4.4 Configuring Secure Authentication 2.4.5 Configuring Data Securization

2.5 Novell eDirectory

2.5.1 Extending the Schema of a Novell eDirectory 2.5.2 Setting ACLs for Delegation (Optional) 2.5.3 Setting Indexes on Novell eDirectory Attributes

2.5.3.1 Setting Indexes on Standard Attributes 2.5.3.2 Setting Indexes on Quest ESSO Specific Attributes

2.5.4 Configuring Secure Authentication (Optional) 2.5.5 Configuring Data Securization

2.6 IBM Tivoli Directory Server

2.6.1 Extending the Schema of an IBM Tivoli Directory Server 2.6.2 Setting ACLs on an IBM Tivoli Directory Server 2.6.3 Setting Indexes on IBM Tivoli Directory Server Attributes 2.6.4 Configuring Secure Authentication 2.6.5 Configuring Data Securization

2.7 Deploying a Workstation LDAP User Account

3 Installing Quest ESSO Controllers and Audit Databases

3.1 Starting the Administration Tools window 3.2 Running the Default Objects Creation Tool 3.3 Initializing the Primary Controller 3.4 Initializing an Associated Controller 3.5 Publishing a New Token Data File 3.6 Defining Administrative Tokens for Self Service Password Request 3.7 Importing an External Key 3.8 Importing/Exporting the Controller Key 3.9 Installing and Configuring the Local Audit Database

3.9.1 Installing the Provided Audit V2 MySQL Database Server 3.9.2 Creating Audit V2 Tables in an Existing Database 3.9.3 Setting up the Connection to the Local Audit Database 3.9.4 Updating the Audit Translation Data

3.10 Declaring the Technical Accounts Used by the Quest ESSO Controllers 3.11 Defining a Master Audit Database 3.12 Installing a Quest ESSO Controller

4 Installing and Configuring the Software Modules on the Workstations

4.1 Configuring Workstations

4.1.1 Quest ESSO Configuration with Active Directory 4.1.2 Quest ESSO Configuration with a User Database or Directory other than Microsoft Active Directory

4.2 Installing Microsoft Redistributables 4.3 Installing a Quest ESSO Client 4.4 Installing French Healthcare Smart Cards (CPS) 4.5 Installing Finger Vein Biometric Drivers 4.6 Modifying the Possible Domains List

5 Enabling the Self Service Password Request (SSPR) Capability 6. Enabling OTP Authentication

6.1 Installing a Radius Plugin 6.2 Installing an RSA Authentication Server and Agent

6.2.1 Installing RSA Authentication Server 6.2.2 Installing RSA Authentication Agent

7 Enabling the Group Membership Modification Feature 8 Centralizing Parameters Using Group Policy Objects (GPO)

8.1 Creating and Configuring Group Policy Objects Using an ADM File 8.2 Creating and Configuring Group Policy Objects Using ADMX Files (optional) 8.3 Description of the User Access Administrative Template (optional)

9 Installing Quest ESSO MSI Packages in Silent Mode

9.1 Installing Microsoft Redistributables in Silent Mode 9.2 Installing Quest ESSO Controller in Silent Mode 9.3 Installing Quest ESSO Client in Silent Mode 9.4 Installing Quest ESSO Web Server in Silent Mode

Appendix A: Advanced Configuration: Audit

A1 Audit Extension DLL Development Guide

A.1.1 Structure of Audit Event: _WG_AUDITEVENT A.1.2 Structure of Audit Configuration: _WG_AUDITCONFIG A.1.3 Prototypes of Functions to Export

A.2 Audited Events

Appendix B: Activating Traces Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge

C.1 Parameters C.2 Configuring the MiFARE RFID Parameters C 3 Resetting the MiFARE RFID Parameters

6. Enabling OTP Authentication

OTP authentication allows users to authenticate to Quest ESSO by giving your login name and OTP (in case a code is needed on the OTP device).

If configured, OTP authentication is accessible from the authentication window (Advanced Login) and from the authentication client.

OTP authentication in Quest ESSO requires either:

•	A Radius plugin: Radius only supports online mode.

•	An RSA authentication server and an RSA authentication agent for online or online & offline modes. For online & offline mode, the RSA server and agent must be installed on each workstation on which OTP authentication is needed.

Quest ESSO supports only one activated OTP authentication method at a time.

You can configure the OTP authentication mode from Quest ESSO Console: see Quest ESSO Console Administrator Guide.

Also in this chapter:

•	6.1 Installing a Radius Plugin

•	6.2 Installing an RSA Authentication Server and Agent

6.1 Installing a Radius Plugin

•	Copy and paste the following XML code:

<token_class id="OTP" display_name="OTP">

<custom_otp_dll>CustomOTPExtensionRadius.dll</custom_otp_dll>

<ldap_attribute>sAMAccountName</ldap_attribute>

</token_config>

<data_structure>

<module id="0x0100">

<module id="0x0200">

</data_structure>

•	Custom_otp_dll indicates the name of the .dll file to associate with the OTP method.

•	ldap_attribute is the LDAP attribute that collects the Radius login depending on the Quest ESSO login.

•	Enter the following keys in the registry base:

Value	Type	Key
Radius Server	String	HKEY_LOCAL_MACHINE\SOFTWARE\ Enatel\WiseGuard\FrameWork\Radius\Server
Port	DWORD	HKEY_LOCAL_MACHINE\SOFTWARE\ Enatel\WiseGuard\FrameWork\Radius\Server
Radius Server Secret	String	HKEY_LOCAL_MACHINE\SOFTWARE\ Enatel\WiseGuard\FrameWork\Radius\Secret

6.2 Installing an RSA Authentication Server and Agent

•	6.2.1 Installing RSA Authentication Server

•	6.2.2 Installing RSA Authentication Agent

6.2.1 Installing RSA Authentication Server

You must install the RSA authentication server on a dedicated system: refer to the RSA documentation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy