Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide

1. Overview 2 Authenticating to Quest ESSO Console and Managing Protection Modes 3 Searching the Directory Tree 4 Managing Administrators 5 Managing Security Profiles
5.1 Managing Time Slices 5.2 Managing Password Format Control Policies 5.3 Managing User Security Profiles 5.4 Managing Access Point Security Profiles 5.5 Managing Application Security Profiles 5.6 Defining Security Profiles Default Values 5.7 Managing User and Access Point Security Profiles Priorities
6 Managing Directory Objects
6.1 Managing Applications 6.2 Managing Users 6.3 Managing Access Points 6.4 Managing Representative Objects 6.5 Managing Clusters of Access Points 6.6 Selecting a Domain Controller
7 Importing/Exporting Security Profiles and Directory Objects 8 Managing Smart Cards
8.1 Assigning Smart Cards to Users 8.2 Formatting Smart Cards 8.3 Forcing a new PIN 8.4 Disabling Temporarily Smart Cards 8.5 Unlocking Smart Cards 8.6 Sending Smart Cards to a Blacklist 8.7 Extending the Validity of a Smart Card 8.8 Allowing Users to Renew their Smart Card Certificates 8.9 Displaying Smart Card Properties 8.10 Displaying the List of Supported Smart Cards 8.11 Managing Smart Card Configuration Profiles 8.12 Managing Loan Cards 8.13 Managing Smart Cards' Authentication Parameters 8.14 Managing Batches of Smart Cards
9 Managing SA Server Devices 10 Managing RFID Tokens 11 Managing Biometric Enrolment 13 Enabling the Public Key Authentication Method 14 Managing the Emergency Plan 15 Managing Audit Events 16 Managing Reports 17 Customizing Configuration Files 18 Creating Scripts Appendix A: Regular Expressions - Basic Syntax Appendix B: Listing Audit Events and Error Codes Appendix C: Correspondence Between Profile and Administration Rights

6.4.5 Deleting Representative Objects

In the Directory panel, right-click the Representative Object to delete and select Delete.

6.5 Managing Clusters of Access Points

A Cluster of access points is a set of computers on which the Windows sessions are synchronized by Quest ESSO. Operations that a user performs on the Windows session (opening, closing, locking, unlocking) of a computer that belongs to the cluster are automatically and simultaneously performed on all the other computers that form the cluster.
In a cluster of access points, the computer on which the user performs an action is called the master computer. The same action is simultaneously performed on the other computers of the cluster, called slaves.
A Quest ESSO Controller does not work in Cluster mode.
For more information on Clusters, see Administrator Guide for Cluster Mode of Advanced Login.
If a slave computer is not reachable at session opening on the master computer, the session opening operation on this slave computer will be performed as soon as the network is restored.

6.5.1 Creating and Configuring a Cluster of Access Points

Make sure that none of the computer you want to place in the cluster is a Quest ESSO Controller.
Quest ESSO must be configured in "manage-access-point" mode.
The "Cluster Server" license keys must be installed on the Quest ESSO Controller and the "Cluster Client" license keys must be installed on all Quest ESSO workstations on which you want to use the Cluster feature.
1.
In the tree structure of the Directory panel, right-click the Organizational Unit that must contain your Cluster of access points and select New\Cluster of access points.
The Configuration tab appears.
2.
Fill in the Name field.
3.
Click the Add button to select the access points you want to add to the cluster.
Use the
Browse tab to browse the directory tree structure or use the Search tab to find the access point by typing its name.
4.
Define the cluster properties as explained in the following "Configuration" Tab Description section.
5.
Click Apply.
"Configuration" Tab Description
If this check box is selected, users allowed to access one of the cluster computer will be able to temporarily exclude a computer from the cluster, from the Advanced Login application module (see Administrator Guide for Cluster Mode of Advanced Login for more details).
Check box selected: users allowed to access one of the cluster computer can simultaneously restart all the computers of the cluster by launching a command menu from the Advanced Login application module.
Check box cleared: users are not allowed to reboot all the computers of the cluster.
Check box selected: if a user restarts a computer of the cluster, the sessions of the other computers remain in the state their were before the reboot operation.
Check box cleared: if a user restarts a computer of the cluster, the sessions of the other computers are closed.
Members table
If you have authorized a list of users to add/remove access point of the current cluster to/from their own cluster (see 6.5.2.1 Authorizing Users to Access Workstations of the Cluster), this area gives information on how authorized users have composed their own cluster, by the use of colored icons:
 : the access point is not originally part of the cluster. It has been added to the cluster by an authorized user.
Option button
Gives access to the Cluster Lock Mode window.
To modify the logo displayed on screen, save a WGLock.bmp file corresponding to the wanted logo in the Quest ESSO Client installation folder (the default folder is Programs\Quest Software\Enterprise SSO).
d)
Remove button
e)
Add button
Allows you to select the access points you want to add to the cluster.
The
Browse tab allows you to browse the directory tree structure and the Search tab allows you to find the access point by typing its name..
f)

6.5.2 Managing Users' Permissions on a Cluster

If a user adds an access point to his/her own cluster, the access point stays linked to the original cluster. When the user decides to release the access point, it is automatically associated back to its original cluster.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating