Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide

1. Overview 2 Authenticating to Quest ESSO Console and Managing Protection Modes 3 Searching the Directory Tree 4 Managing Administrators 5 Managing Security Profiles
5.1 Managing Time Slices 5.2 Managing Password Format Control Policies 5.3 Managing User Security Profiles 5.4 Managing Access Point Security Profiles 5.5 Managing Application Security Profiles 5.6 Defining Security Profiles Default Values 5.7 Managing User and Access Point Security Profiles Priorities
6 Managing Directory Objects
6.1 Managing Applications 6.2 Managing Users 6.3 Managing Access Points 6.4 Managing Representative Objects 6.5 Managing Clusters of Access Points 6.6 Selecting a Domain Controller
7 Importing/Exporting Security Profiles and Directory Objects 8 Managing Smart Cards
8.1 Assigning Smart Cards to Users 8.2 Formatting Smart Cards 8.3 Forcing a new PIN 8.4 Disabling Temporarily Smart Cards 8.5 Unlocking Smart Cards 8.6 Sending Smart Cards to a Blacklist 8.7 Extending the Validity of a Smart Card 8.8 Allowing Users to Renew their Smart Card Certificates 8.9 Displaying Smart Card Properties 8.10 Displaying the List of Supported Smart Cards 8.11 Managing Smart Card Configuration Profiles 8.12 Managing Loan Cards 8.13 Managing Smart Cards' Authentication Parameters 8.14 Managing Batches of Smart Cards
9 Managing SA Server Devices 10 Managing RFID Tokens 11 Managing Biometric Enrolment 13 Enabling the Public Key Authentication Method 14 Managing the Emergency Plan 15 Managing Audit Events 16 Managing Reports 17 Customizing Configuration Files 18 Creating Scripts Appendix A: Regular Expressions - Basic Syntax Appendix B: Listing Audit Events and Error Codes Appendix C: Correspondence Between Profile and Administration Rights

6.2.2.6 Creating a Welcome Message

1.
In the tree structure of the Directory panel, select the wanted user.
2.
Click the Connection tab.
3.
In the User message area, type the user welcome message.
4.
Click Apply when done.

6.2.3 Assigning a User Security Profile to a User

Parameters associated with the use of SSOWatch module of Quest ESSO.
1.
In the tree structure of the Directory panel, select the wanted user.
You can also select a group of users by selecting a folder containing the wanted users. Note that this is not possible if the Quest ESSO data is separated from other data (Fedora Directory server in cooperative mode, or Active Directory + ADAM infrastructure for example).
2.
Click the Security Profiles tab.
The Security Profiles tab appears.
Click the button to display and if necessary modify the selected user security profile.
4.
Click Apply.

6.2.4 Declaring a User as an Administrator

2.
If the access to Quest ESSO Console calls for a strong authentication facility, you must assign a smart card to the user, through the Smart Card tab, as described in Section 8., "Managing Smart Cards".

6.2.5 Assigning/Forbidding Access Points to a User

This section describes how to authorize a user to log-on an access point, from the user object. This access is checked by Advanced Login or by the GINA of the workstation client. A user not authorized attempting to logon a workstation will obtain the following message "You are not authorized to log in on this access point".
1.
In the tree structure of the Directory panel, select the wanted user.
2.
Click the Access Points tab.
The Access Points tab appears.
3.
If the Allow on all Access Points parameter of the user security profile associated with this user is selected (for details see Section 5.3.2.1, "Authentication Tab"), you can let this tab blank to authorize all the access points of the directory domain for the selected users. If you want to define authorized/forbidden access points, do the following:
a)
Click the Add/Remove buttons to select the access points that you want to be accessible to the selected application.
Allow/Forbid
If you have added a group of access points and you want to forbid one or more access point(s) of this group, use the
Allow and Forbid buttons.
Modules
To prevent the user from accessing some of the software modules installed on the access point (Advanced Login, Quest ESSO Console, SSOWatch or Enterprise SSO Studio), use the Modules button.
The Quest ESSO Controller uses the following algorithm to assign or forbid access points to users:
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating