
Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide

Defining Account Properties

The Account Properties tab allows you to define the login and password requirements for the selected application, and the list of parameters supported by the application. The end user will have to follow these rules at application login/password collection time.
In the tree structure of the Directory panel, select the required application.
In the Configuration tab, click the Account Properties tab.
The Account Properties tab appears.
Fill in the Login, Password and Parameters tabs following the instructions given in 6.2.6 Managing User Accounts.
Click Apply.
Rule field:
Between parentheses, type the exact name of the user LDAP attribute(s) that you want to be displayed to the user in the application Login field.
Example: (mail) indicates that the login is the user's mail address.
If you want to add several LDAP attributes, they must be separated by a comma inside the parentheses. Example: (mail,dn)
To keep only the first n characters of the LDAP value, use the syntax (attLDAP,n).
Click the button to choose the PFCP used by the application.
Click the button to display the selected PFCP parameters.
The password reveal policy is initially configured on Application Profiles, as detailed in Section, "Account Tab". In some cases (for example if the SSO process stops working on an application), you can allow users to display the password of a specific application from the SSOWatch engine:
The Parameters tab allows you to add a list of additional authentication parameters (such as Windows Domains or Languages). These parameters enable you to define fields other than the user name/password fields of the target application authentication window.
If you are defining a UNIX application, you must add in this tab the Unix Host Identifier parameter (Default type), which is intended to contain the name of the UNIX machine on which the user will perform the authentication.
Add button: click this button to add a parameter. The Add Parameter window appears.
External names for parameters allow you to define a mapping between the parameter that you are configuring within Quest ESSO Console and the name of an external parameter (created using another SSO tool).
Delete button: select a parameter and click Delete.
Properties button:
Select a parameter then click this button to define the properties of the selected parameter.
If you have selected Rule in the Parameter type area, between parentheses, get the exact LDAP attribute name (using an LDAP browser) and type it in the Value field. For example, type (mail) to indicate that the parameter value is the user's mail address.
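A checker for the rule syntax described above for the Login tab's Rule field and for Rule-type parameters, as an added example that is not part of the Quest guide or product. It assumes that a trailing integer is the (attLDAP,n) length, that attribute names use the LDAP short-name form, and that SENSITIVE is a site-chosen deny-list; parse_rule and resolve are hypothetical names.

```python
import re

# Assumption: attribute names use the LDAP short-name form (RFC 4512 descr).
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# Assumption: site-chosen deny-list of attributes that must never be displayed.
SENSITIVE = {"userpassword", "unicodepwd"}


def parse_rule(rule):
    """Return (attributes, max_len, problems) for a rule such as '(mail,8)'."""
    text = rule.strip()
    if not (text.startswith("(") and text.endswith(")")):
        return [], None, ["rule must be enclosed in parentheses"]
    items = [i.strip() for i in text[1:-1].split(",")]
    max_len, problems = None, []
    # Assumption: a trailing integer is the (attLDAP,n) length, not an attribute.
    if len(items) >= 2 and items[-1].isascii() and items[-1].isdigit():
        max_len = int(items.pop())
        if max_len == 0:
            problems.append("length n must be at least 1")
        if len(items) > 1:
            problems.append("length n with several attributes is not described")
    for item in items:
        if not ATTR_RE.fullmatch(item):
            problems.append(f"invalid attribute name: {item!r}")
        elif item.lower() in SENSITIVE:
            problems.append(f"sensitive attribute exposed: {item}")
    return items, max_len, problems


def resolve(rule, entry):
    """Resolve a single-attribute rule against a directory entry (a dict of strings)."""
    attrs, max_len, problems = parse_rule(rule)
    if problems or len(attrs) != 1:
        raise ValueError("; ".join(problems) or "only single-attribute rules are resolved")
    # LDAP attribute names are case-insensitive.
    lowered = {k.lower(): v for k, v in entry.items()}
    value = lowered[attrs[0].lower()]
    return value if max_len is None else value[:max_len]


if __name__ == "__main__":
    # Constructed sample entry, not taken from a real directory.
    entry = {"mail": "jdoe@example.com", "dn": "cn=jdoe,ou=people,dc=example,dc=com"}
    for rule in ["(mail)", "(mail,dn)", "(mail,4)", "mail", "(userPassword)"]:
        print(rule, parse_rule(rule))
    print(resolve("(mail,4)", entry))
```

Running it over exported rule strings before they are entered in the console catches missing parentheses, malformed attribute names and rules that would display a password attribute to the user.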

6.1.4 Defining the Single Sign-On Properties of an Application

In the tree structure of the Directory panel, select the required application.
In the Configuration tab, click the SSO tab.
The SSO tab appears.
Fill in the Methods, Access Strategies and OLE/Automation tabs with the following guidelines:
Methods tab:
The Access strategies tab defines the list of application security profiles that the application can use. The profile to be used is selected at the time the application is assigned to the user. If only one profile is available, it is automatically selected.
Click Apply.

6.1.5 Defining External Names

This tab allows you to define a mapping between an application that you are configuring using Quest ESSO Console and the name of an external application (created using another SSO tool) for which you want to configure an access.
This option is particularly useful to integrate User Provisioning or Web Access Manager with Quest ESSO. For example, if you are defining an application called MyHTMLApplication that already uses Web Access Manager Account Bases, enter the names of the Web Access Manager Account Bases defined for this application. This way, the Quest ESSO Controller will be able to use these Web Access Manager Account Bases to perform SSO with this application.

6.1.6 Assigning Users to an Application

You can authorize a user to run an application through the User Access tab, either from the application object or from the user object. Whatever the selected object type, the tab is exactly the same. For details on how to fill in this tab, please refer to 6.2.12 Assigning Applications to a Use.