Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide

1. Overview 2 Authenticating to Quest ESSO Console and Managing Protection Modes 3 Searching the Directory Tree 4 Managing Administrators 5 Managing Security Profiles
5.1 Managing Time Slices 5.2 Managing Password Format Control Policies 5.3 Managing User Security Profiles 5.4 Managing Access Point Security Profiles 5.5 Managing Application Security Profiles 5.6 Defining Security Profiles Default Values 5.7 Managing User and Access Point Security Profiles Priorities
6 Managing Directory Objects
6.1 Managing Applications 6.2 Managing Users 6.3 Managing Access Points 6.4 Managing Representative Objects 6.5 Managing Clusters of Access Points 6.6 Selecting a Domain Controller
7 Importing/Exporting Security Profiles and Directory Objects 8 Managing Smart Cards
8.1 Assigning Smart Cards to Users 8.2 Formatting Smart Cards 8.3 Forcing a new PIN 8.4 Disabling Temporarily Smart Cards 8.5 Unlocking Smart Cards 8.6 Sending Smart Cards to a Blacklist 8.7 Extending the Validity of a Smart Card 8.8 Allowing Users to Renew their Smart Card Certificates 8.9 Displaying Smart Card Properties 8.10 Displaying the List of Supported Smart Cards 8.11 Managing Smart Card Configuration Profiles 8.12 Managing Loan Cards 8.13 Managing Smart Cards' Authentication Parameters 8.14 Managing Batches of Smart Cards
9 Managing SA Server Devices 10 Managing RFID Tokens 11 Managing Biometric Enrolment 13 Enabling the Public Key Authentication Method 14 Managing the Emergency Plan 15 Managing Audit Events 16 Managing Reports 17 Customizing Configuration Files 18 Creating Scripts Appendix A: Regular Expressions - Basic Syntax Appendix B: Listing Audit Events and Error Codes Appendix C: Correspondence Between Profile and Administration Rights

6.4 Managing Representative Objects

6.4.1 Managing Inbound Representative Objects

An Inbound Representative object represents a set of users that are not part of the domain the Representative belongs to.
You assign a security profile to this representative, and choose what access points of the local domain must be accessible to the represented users in "access-point-management" mode. Thus, these users will be able to logon to access points that are not part of their domain.
In "no-access-point-management" mode, a user can open a Quest ESSO session on an access point of a foreign domain only if the representative of the user is authorized to authenticate on all access points. In the security profile of the representative, the Allow on all Access Points field must be selected, as described in Section 5.3.2.1, "Authentication Tab".

6.4.1.1 Creating/Modifying an Inbound Representative Object

1.
In the tree structure of the Directory panel, right-click the Organizational Unit that must contain your Inbound object and select New\Representative.
2.
Click Inbound access and click OK.
The Inbound Object configuration tabs appears
3.
In the Configuration tab, in the Representative area, type the name of the Representative you are creating.
8.
Click Apply.
1.
In the tree structure of the Directory panel, select the Inbound Object to modify.
The Inbound Object configuration tabs appear.
6.
Click Apply.

6.4.1.2 Defining the Set of Users to Represent

In the Configuration tab, in the Represented population area, use the Add and Remove buttons to choose the users of external domains that you want to be represented by the Representative.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating