
Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide


8.1.2 Assigning a Smart Card to a User

1. In the tree structure of the Directory panel, click the user to whom you want to assign a smart card.
2. In the Smart Card tab, click the Assign button.
Click Yes to assign the RFID token to the user.
Click No if you do not want to assign the RFID token to the user.
a) In the Smart card area, select the smart card to assign.
b) In the Configuration area, select a card model:
Advanced Login and Advanced Login – Smart card Storage: these models generate a card that can be used with the Quest ESSO software modules.
It is recommended to select this card model if the card is only used with Quest ESSO software modules, and if certificates are not used.
Windows Smartlogon Compatible: (you cannot apply this model using Windows Remote Desktop).
This model generates a card which can be used with standard Windows authentication. It manages a single certificate, which is the smart card authentication certificate. It is not compatible with the two Advanced Login models.
Cryptoflex IK Compatible: (you cannot apply this model using Windows Remote Desktop).
This configuration generates a card which can be used with standard Windows authentication, in conjunction with IK software from Schlumberger/Axalto.

This configuration loads the authentication certificate and allows two further certificates to be imported from PFX/PKCS#12 files.
5. Quest ESSO Console allows you to assign smart cards managed outside of Quest ESSO by an external Card Management System.
Attributes used to identify the owner of the smart card: in order to automatically identify the owner of the smart card, Quest ESSO uses an attribute mapping between the content of the user’s certificate found in the card and the directory. The values of both attributes must match to retrieve the owner of the card during authentication.
The employeeNumber directory attribute field displays the new value of that attribute. The new value is obtained from the user's certificate found in the card.
The Current value field displays the current directory value of that attribute for the user.
Check box selected (and fields filled in): the PUK is securely stored in the Quest ESSO directory; the user does not need to remember it anymore.
If the user's smart card happens to be blocked, he/she will have to contact the help desk in order to get an unblocking secret to unblock his/her smart card.
Check box cleared: the PUK is not stored in the Quest ESSO directory.
The user can use his/her PUK to unblock his/her smart card.
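
The owner lookup described above only works if the mapped value identifies exactly one directory user. The following Python check is an added example, not Quest ESSO code: it assumes the mapped certificate field is the subject's serialNumber (the page does not name the field), and the function names and sample directory are hypothetical.

```python
import re

# Assumption: the certificate field mapped to the directory attribute is the
# subject's serialNumber; the page does not say which field is used.
CERT_FIELD = "serialNumber"
DIRECTORY_ATTR = "employeeNumber"  # directory attribute named on the page


def subject_field(subject_dn, field):
    """Return the value of `field` from an RFC 4514 subject string, or None."""
    # Simple split on commas that are not backslash-escaped
    # (quoted values and multi-valued RDNs are not handled).
    for rdn in re.split(r"(?<!\\),", subject_dn):
        name, sep, value = rdn.strip().partition("=")
        if sep and name.strip().lower() == field.lower():
            # Remove backslash escapes such as "\," and trim whitespace.
            return re.sub(r"\\(.)", r"\1", value).strip()
    return None


def resolve_owner(subject_dn, directory):
    """Map a card certificate to exactly one directory user, or raise."""
    value = subject_field(subject_dn, CERT_FIELD)
    if not value:
        raise LookupError("certificate has no %s field" % CERT_FIELD)
    matches = [dn for dn, attrs in directory.items()
               if attrs.get(DIRECTORY_ATTR, "").strip() == value]
    if len(matches) != 1:
        # Zero matches: the card has no owner. Several: the owner is ambiguous.
        raise LookupError("%d users have %s=%r"
                          % (len(matches), DIRECTORY_ATTR, value))
    return matches[0]


# Constructed sample directory (not real data).
SAMPLE_DIRECTORY = {
    "CN=Alice Martin,OU=Staff,DC=example,DC=test": {"employeeNumber": "10042"},
    "CN=Bob Lee,OU=Staff,DC=example,DC=test": {"employeeNumber": "10077"},
    "CN=Bob Lee (old),OU=Disabled,DC=example,DC=test": {"employeeNumber": "10077"},
}
```

Running resolve_owner over every card certificate before assignment flags duplicate or missing employeeNumber values, which would otherwise surface as a failed or ambiguous owner lookup at authentication time.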

8.1.3 Assigning a new Smart Card Allowing a User to Log on a Workstation which is Disconnected from the Directory

1. You must apply the Advanced Login – Smart Card Storage model when you assign the smart card.

8.2 Formatting Smart Cards

1. In the Smart Card panel, click the  button located in the toolbar.

8.3 Forcing a new PIN

1. In the Smart Card panel, click the  button located in the toolbar.
The Force PIN window appears.
3. Either click Generate to create a random new PIN, or enter it manually in the New PIN Code field.
4. Click Force.