If you use Quest ESSO Console in advanced administration mode, the Application: Manage all applications administration right can be delegated to administrators so that they can manage all applications even if they have not created them. For more details on administration rights, see Section 4., "Managing Administrators". |
1. |
2. |
• |
Modify the main administrator of the application, using the Select button. |
• |
Define other administrators allowed to manage the application, using the Add and Remove buttons. |
• |
1. |
2. |
a) |
Fill in the Credentials area. This area allows you to define the Account creation rules. Enter the following information: |
• |
In the Login field, enter a login creation rule. For example, type (cn) to define the Common Name as the name used as the Account login. |
For more details on the login creation rule syntax, see 6.1.3 Creating the Account Properties of an Application, Step 3 of the "Defining Account Rules" procedure. |
• |
Then: Either select Random password generation to define a random password for each Account. This password is created depending on the defined PFCP (for more details, see Section 5.2, "Managing Password Format Control Policies"). Or if you want a single password for all the Accounts, clear Random password generation and enter a password in the Password field. |
b) |
The Parameters area is optional. It allows you to add additional authentication parameters if needed (as Windows Domains or Languages for example). |
c) |
Fill in the Generate accounts for only these users area. This area allows you to select the users who must have Accounts. Depending on your needs, do one of the following: |
• |
If you want to create Accounts for all the users who have access to the application (that is who are listed in the User Access tab), but who do not have any Account created, check that Do not modify existing accounts is selected. |
• |
• |
d) |
e) |
f) |
• |
If you are working in "no-access-point-management" mode, the Access Point tab is not displayed. |
1. |
2. |
3. |
If you select Allow access from all access points declared in the local directory, the selected application will be available on all the computers registered in the same domain as the application. To set the application available for computers registered in different domains, use the representative objects, as described in 6.4 Managing Representative Objects. |
a) |
Click the Add/Remove buttons to select the access points that you want to be accessible to the selected application. |
• |
Allow/Forbid If you have added a group of access points and you want to forbid one or more access point(s) of this group, use the Allow and Forbid buttons. |
• |
Propagation method If you want to specify a specific access point, and if your application uses the SSO propagation method, you must indicate a technical reference. By default, the technical reference specified on the application is used, as described in 6.1.4 Defining the Single Sign-On Properties of an Application. |
1. |
2. |
3. |
• |
Display all accounts without access Shows all accounts that have been collected from users for the selected application, but that are not associated with the application anymore. |
• |
Display all unregistered accounts Shows all users that are authorized to access the selected application, and that have not registered their account for this application (the account is not collected). |
• |
Display all registered accounts Shows all users that are authorized to access the selected application, and that have registered their account for this application (the account is collected). |
• |
Display all accounts Shows all users that are authorized to access the selected application (unregistered and registered accounts). |
• |
Show Parameters check box to display the Authentication parameter linked to the technical definition of the application. |
4. |
Click Apply. |
5. |
In the Export area, select the element of the displayed list you want to export as a .csv file and click Export. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy