
Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide


5.5.2 Creating/Modifying Application Security Profiles

1. In the tree structure of the Directory panel, right-click the Organizational Unit that must contain your application security profile and select New\Application Profile.

1. In the tree structure of the Directory panel, select the application security profile to modify.

5.5.3 Configuring Application Security Profiles

5.5.3.1 General Tab

Note: Click the button to display and if necessary modify the selected PFCP, as described in 5.2 Managing Password Format Control Policies. 
The default PGP is selected by default. Click the button to select another existing PGP.
Note: Click the button to display and if necessary modify the selected PGP, as described in 5.5.1.1 Creating/Modifying Password Generation Policies.
Select this check box to start the application associated with the security profile when the SSOWatch module of Quest ESSO starts. In this case, the application starting parameters must be defined at the SSO Studio level.
If you want to use a different user level than the one specified in the user security profile, as described in 5.3.2.3 Unlocking Tab (Fast User Switching Feature), select this check box and define the new level of the user for the applications associated with this security profile.
Select this check box to enable the Test application command in the SSOWatch module of Quest ESSO when the user right-clicks applications associated with the security profile.

5.5.3.2 Account Tab

IMPORTANT: If you select Store on token, check that the proper authentication method is provided and selected. For more information, see 5.5.3.3 Authentication Method Tab.
Select this check box to allow users to modify their passwords from the SSOWatch engine. This option ensures that SSO data are only managed centrally.
This check box is only available if the User can display password check box is selected.
IMPORTANT: If the user forgets his/her primary password or loses his/her smart card, it is impossible to recover his/her secondary accounts. 
User, administrators and external key: select this entry to allow an external application to decipher the user's secondary accounts using a public key. For example, you must select this entry if you want to use Quest ESSO with Web Access Manager (WAM). By selecting this entry, you allow WAM to decipher the Quest ESSO secondary accounts of the user so that WAM can perform SSO with these accounts.
This drop-down list allows you to define how the SSOWatch module of Quest ESSO behaves when it collects the security data of an application for which the user has no account.
The Account is collected by Quest ESSO:
When the user starts an application for the first time, the standard SSOWatch security data collect window appears: the user must enter his/her user name and password to enable SSO for this application.
The user can request an access:
When the user starts an application for the first time, the link I don’t have any account for this application appears in the SSOWatch security data collect window. The user can click this link to request access to the application through the Request Manager portal.