Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide

1. Overview 2 Authenticating to Quest ESSO Console and Managing Protection Modes 3 Searching the Directory Tree 4 Managing Administrators 5 Managing Security Profiles
5.1 Managing Time Slices 5.2 Managing Password Format Control Policies 5.3 Managing User Security Profiles 5.4 Managing Access Point Security Profiles 5.5 Managing Application Security Profiles 5.6 Defining Security Profiles Default Values 5.7 Managing User and Access Point Security Profiles Priorities
6 Managing Directory Objects
6.1 Managing Applications 6.2 Managing Users 6.3 Managing Access Points 6.4 Managing Representative Objects 6.5 Managing Clusters of Access Points 6.6 Selecting a Domain Controller
7 Importing/Exporting Security Profiles and Directory Objects 8 Managing Smart Cards
8.1 Assigning Smart Cards to Users 8.2 Formatting Smart Cards 8.3 Forcing a new PIN 8.4 Disabling Temporarily Smart Cards 8.5 Unlocking Smart Cards 8.6 Sending Smart Cards to a Blacklist 8.7 Extending the Validity of a Smart Card 8.8 Allowing Users to Renew their Smart Card Certificates 8.9 Displaying Smart Card Properties 8.10 Displaying the List of Supported Smart Cards 8.11 Managing Smart Card Configuration Profiles 8.12 Managing Loan Cards 8.13 Managing Smart Cards' Authentication Parameters 8.14 Managing Batches of Smart Cards
9 Managing SA Server Devices 10 Managing RFID Tokens 11 Managing Biometric Enrolment 13 Enabling the Public Key Authentication Method 14 Managing the Emergency Plan 15 Managing Audit Events 16 Managing Reports 17 Customizing Configuration Files 18 Creating Scripts Appendix A: Regular Expressions - Basic Syntax Appendix B: Listing Audit Events and Error Codes Appendix C: Correspondence Between Profile and Administration Rights

1. Overview

This guide describes how to use Quest ESSO Console, the administration tool that allows you to define your company Quest ESSO configuration, from the setting up of the basic security objects to the definition of access rights for users, workstations and applications.

1.1 Quest ESSO Concepts

Quest ESSO is the module of the IAM solution that provides centralized management of application, network access strategies and security data. For this purpose, Quest ESSO is based on the management of three types of objects:
The company's applications for which you will enable the single sign-on functionality.
The client workstations (access points) on which users log on to access their applications.
Quest ESSO offers two access point functional modes. The wanted mode is selected at installation time:

1.2 Quest ESSO Controllers

1.2.1 Quest ESSO Services

Quest ESSO Services Overview
When a Quest ESSO Controller is installed, several services dedicated to specific features are installed at the same time. The set of functions provided by Quest ESSO are gathered in the following services:
Each Quest ESSO Controller may offer the set of services or only a part of these services.
Quest ESSO Services Management
At installation time, Quest ESSO Controllers are not specialized: all the above services are available.
Quest ESSO Console allows you to dedicate a Quest ESSO Controller to a subset of services. Once specialized, each controller continues to run all the services but only a part of them is used by the workstations.
At any time, you can change the Quest ESSO Controller configuration from Quest ESSO Console (as explained in Managing the Quest ESSO Controller Services) without having to install anything on the controller.
Workstation Connection to Quest ESSO Controllers
The first time a workstation needs to connect to a Quest ESSO Controller, it obtains the list of existing controllers from the directory and builds in a cache the list of the available services classified by sites. Then the workstation tries to connect to a Quest ESSO Controller that explicitly provides the required service in its site. If no such controller is available, then the workstation tries to connect to a Quest ESSO Controller that provides all services in its site. If no such controller is available it tries in the other sites.
This list is rebuilt only at the cache expiration, so when you change the services configuration from Quest ESSO Console, it needs time before all the workstation use the new services. For this reason and for backward compatibility with the previous version of Quest ESSO (called Enterprise SSO), a Quest ESSO Controller provides all services.
To ensure high availability and good performances, it is interesting to install Quest ESSO on several servers and to dedicate it to specific services. The following figure shows an example of service distribution: one server is dedicated to the audit and another to the administration.
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating