• |
Enrolment procedure area |
• |
Approval not required: the user biometric data enrolment does not need anybody’s authentication. |
• |
A Quest ESSO administrator: the user biometric data enrolment requires the authentication of an administrator who has at least the following administration right: "Bio: Is enable to allow biometrics pattern enrolment" (advanced administration mode only). |
• |
Another Quest ESSO user: the user biometric data enrolment requires the authentication of another user of the directory. |
• |
Policy area |
a) |
User must enrol between x and x finger(s): number of fingers you want the user to enrol. |
b) |
Allow user to abort the enrolment process: when this check box is selected, the user is allowed to cancel the enrolment process by closing the enrolment window. |
c) |
Remember Passwords: when this check box is: |
• |
Temporary: when a user delegates his/her session, the session is delegated until he/she re-authenticates. |
• |
Permanent: when a user delegates his/her session, the session is delegated until he/she ends the delegation authorization through the Manage Session Delegation menu in Advanced Login. |
• |
Re-authentication is needed check box |
• |
Check box selected: when the user launches one of the delegation tool, an authentication window appears on his/her workstation. |
• |
Check box cleared: the user does not need to authenticate again on his/her workstation when he/she launches one of the delegation tool. |
• |
Temporary delegation needs an approval check box |
• |
Check box selected: a user who wants to delegate his/her session needs the approval of the delegate. |
• |
Check box cleared: a user can delegate his/her session to another user without collecting his/her approval. An information window appears on the delegate’s workstation to inform him/her that a delegation has been set. |
• |
Authorize delegation to all users check box For Session delegation outside a cluster, this check box must be selected. |
• |
Check box selected: users are authorized to delegate their Windows session to all users of the directory. |
• |
Check box cleared: users are not authorized to delegate their Windows session to all users of the directory. |
• |
Check box selected: users are only authorized to delegate their Windows session to members of the same group of users. |
• |
Check box cleared: users are not authorized to delegate their Windows session to members of the same group of users. |
• |
Check box selected: users are only authorized to delegate their Windows session to members of the same organizational unit. |
• |
Check box cleared: users are not authorized to delegate their Windows session to members of the same organizational unit. |
• |
Add button: opens the user selection window, which allows you to add users to the list. Use the Browse tab to browse the directory tree structure or use the Search tab to find the user by typing its name. |
• |
Remove button: removes the selected user/group/organizational unit from the list. |
d) |
Check box cleared: no specific of authorized users is defined. |
a) |
• |
If the workstation can connect to the Quest ESSO Controller, the controller verifies the OTP as in the online mode and the user’s password stored in the directory is used to open the session. |
• |
If the workstation cannot connect to the Quest ESSO Controller, the OTP is verified locally and the user’s password stored in the cache is used to open the session. |
© 2022 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy