Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide

1. Overview 2 Authenticating to Quest ESSO Console and Managing Protection Modes 3 Searching the Directory Tree 4 Managing Administrators 5 Managing Security Profiles
5.1 Managing Time Slices 5.2 Managing Password Format Control Policies 5.3 Managing User Security Profiles 5.4 Managing Access Point Security Profiles 5.5 Managing Application Security Profiles 5.6 Defining Security Profiles Default Values 5.7 Managing User and Access Point Security Profiles Priorities
6 Managing Directory Objects
6.1 Managing Applications 6.2 Managing Users 6.3 Managing Access Points 6.4 Managing Representative Objects 6.5 Managing Clusters of Access Points 6.6 Selecting a Domain Controller
7 Importing/Exporting Security Profiles and Directory Objects 8 Managing Smart Cards
8.1 Assigning Smart Cards to Users 8.2 Formatting Smart Cards 8.3 Forcing a new PIN 8.4 Disabling Temporarily Smart Cards 8.5 Unlocking Smart Cards 8.6 Sending Smart Cards to a Blacklist 8.7 Extending the Validity of a Smart Card 8.8 Allowing Users to Renew their Smart Card Certificates 8.9 Displaying Smart Card Properties 8.10 Displaying the List of Supported Smart Cards 8.11 Managing Smart Card Configuration Profiles 8.12 Managing Loan Cards 8.13 Managing Smart Cards' Authentication Parameters 8.14 Managing Batches of Smart Cards
9 Managing SA Server Devices 10 Managing RFID Tokens 11 Managing Biometric Enrolment 13 Enabling the Public Key Authentication Method 14 Managing the Emergency Plan 15 Managing Audit Events 16 Managing Reports 17 Customizing Configuration Files 18 Creating Scripts Appendix A: Regular Expressions - Basic Syntax Appendix B: Listing Audit Events and Error Codes Appendix C: Correspondence Between Profile and Administration Rights

6.2.6 Managing User Accounts

The Accounts tab allows you to manage user's accounts.
1.
In the tree structure of the Directory panel, select the wanted user.
2.
Click the Accounts tab.
The Accounts tab appears.
Check box selected: the tab displays all the accounts that are not collected.
Check box cleared: the tab only displays the accounts that have been collected.
Export button
Properties button
Login field: account login.
Password field: account password. You can manually type it or automatically generate it by clicking the Generate button.
Password must change at next logon check box
If this check box is selected, the user will be prompted to change his/her password at first application logon with this account.
Clear password history check box: if this check box is selected, all previous passwords are deleted, which means that previously existing password can be used again.
Parameters area: if any, displays additional parameters for the account, and allows you to define them.
New button
Delete button

6.2.7 Sending SSO Account Passwords to Users

To perform this task, you must have the Emergency plan: Send SSO data by mail to users administration role.
If you authenticate with a smart Card to access Quest ESSO Console, the recuperator role must be set on the card.
1.
In the tree structure of the Directory panel, right-click the wanted user and select Send SSO Data by mail.
The Send SSO data by mail window appears.

6.2.8 Defining Additional Security Policy Parameters for Groups of Users

The Policies tab (only available from a group object) is dedicated to Cluster users and allows you to authorize members of the group to delegate their Windows session to another member of the group.
For more details on the conditions under which a user can delegate a session, see Administrator Guide for Cluster Mode of Advanced Login .
1.
In the tree structure of the Directory panel, select the wanted group of users.
2.
Click the Policies tab.
3.
Select the Define additional Security Policies for members of this group check box.
4.
In the Windows Session Delegation Policy area, select the check box corresponding to the type of delegation you want to authorize to members of the group:
Allow permanent delegation: when a user delegates his/her session, the session is delegated until he/she ends the delegation authorization through the Cluster wizard.
Allow temporary delegation: when a user delegates his/her session, the session is delegated until he/she re-authenticates.
5.
Click Apply.

6.2.9 Managing User Smart Cards

You can manage user's smart cards from the Directory panel, through the Smart Cards tab. But you can also manage smart cards from the Smart Card panel. For practical reasons, all administration tasks related to smart cards are described in a well-marked section. Thus, for more information on how to manage smart cards, see Section 8., "Managing Smart Cards".
The Smart Card tab only appears if you have the "Smart card administrator" role.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating