This guide describes how to use
Quest ESSO Console, the administration tool that allows you to define your company
Quest ESSO configuration, from the setting up of the basic security objects to the definition of access rights for users, workstations and applications.
1.1 Quest ESSO Concepts
Quest ESSO is the module of the IAM solution that provides centralized management of application, network access strategies and security data. For this purpose,
Quest ESSO is based on the management of three types of objects:
applications for which you will enable the single sign-on functionality.
client workstations (access points) on which users log on to access their applications.
Quest ESSO offers two access point functional modes. The wanted mode is selected at installation time:
1.2 Quest ESSO Controllers
1.2.1 Quest ESSO Services
Quest ESSO Controller is installed, several services dedicated to specific features are installed at the same time. The set of functions provided by
Quest ESSO are gathered in the following services:
Quest ESSO Controller may offer the set of services or only a part of these services.
Quest ESSO Console allows you to dedicate a
Quest ESSO Controller to a subset of services. Once specialized, each controller continues to run all the services but only a part of them is used by the workstations.
The first time a workstation needs to connect to a
Quest ESSO Controller, it obtains the list of existing controllers from the directory and builds in a cache the list of the available services classified by sites. Then the workstation tries to connect to a
Quest ESSO Controller that explicitly provides the required service in its site. If no such controller is available, then the workstation tries to connect to a
Quest ESSO Controller that provides all services in its site. If no such controller is available it tries in the other sites.