
Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide


6.1.7 Sharing the Administration of an Application

If you use Quest ESSO Console in advanced administration mode, the Application: Manage all applications administration right can be delegated to administrators so that they can manage all applications, even those they did not create.
For more details on administration rights, see Section 4, "Managing Administrators".
1. In the tree structure of the Directory panel, select the desired application.
2. Click the Administrators tab.

6.1.8 Generating/Importing Accounts for an Application

1. In the tree structure of the Directory panel, select the desired application.
2. Click the Account Generation tab.
   a) Fill in the Credentials area. This area allows you to define the Account creation rules. Enter the following information:
      - In the Login field, enter a login creation rule. For example, type (cn) to use the Common Name as the Account login.
      - Then, either:
        - select Random password generation to define a random password for each Account. This password is generated according to the defined PFCP (for more details, see Section 5.2, "Managing Password Format Control Policies"); or
        - if you want a single password for all the Accounts, clear Random password generation and enter a password in the Password field.
   b) The Parameters area is optional. It allows you to add additional authentication parameters if needed (such as Windows Domains or Languages).
   c) Fill in the Generate accounts for only these users area. This area allows you to select the users who must have Accounts. Depending on your needs, do one of the following:
      - If you want to create Accounts for all the users who have access to the application (that is, who are listed in the User Access tab) but who do not yet have an Account, make sure that Do not modify existing accounts is selected.
   d) Use the Select button to:
   e) Click Start to build the file. The Account Import window appears.
   f) Click Import to generate/import the Accounts.

6.1.9 Assigning Access Points to an Application

1. In the tree structure of the Directory panel, select the desired application.
2. Click the Access Points tab.
3. Read the Information area carefully before filling in this tab.
   - If you select Allow access from all access points declared in the local directory, the selected application is available on all the computers registered in the same domain as the application. To make the application available to computers registered in different domains, use representative objects, as described in 6.4 Managing Representative Objects.
   - If you do not select Allow access from all access points declared in the local directory, do the following:
     a) Click the Add/Remove buttons to select the access points that you want to be accessible to the selected application.
     Allow/Forbid: If you have added a group of access points and you want to forbid one or more access points of this group, use the Allow and Forbid buttons.
     Propagation method: If you want to specify a particular access point, and your application uses the SSO propagation method, you must indicate a technical reference. By default, the technical reference specified on the application is used, as described in 6.1.4 Defining the Single Sign-On Properties of an Application.

6.1.10 Displaying Accounts Associated with the Application

The Accounts tab allows you to filter and display the accounts associated with the selected application, and to export them as a .csv file.
1. In the tree structure of the Directory panel, select the desired application.
2. Click the Accounts tab. The Accounts tab appears.
3. In the Filter list, select one of the following filters:
   - Display all accounts without access: shows all accounts that have been collected from users for the selected application, but that are no longer associated with the application.
   - Display all unregistered accounts: shows all users who are authorized to access the selected application and who have not registered their account for this application (the account is not collected).
   - Display all registered accounts: shows all users who are authorized to access the selected application and who have registered their account for this application (the account is collected).
   - Display all accounts: shows all users who are authorized to access the selected application (unregistered and registered accounts).
   Select the Show Parameters check box to display the Authentication parameter linked to the technical definition of the application.
4. Click Apply.
5. In the Export area, select the element of the displayed list you want to export as a .csv file and click Export.