
Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide


9.2.4 Managing the Link Between User and SA Server Device

In the Directory panel of Quest ESSO Console, in the Smart Card tab, the SA Server tab allows you to manage the SA Server device of a user.
User ID/User State: information fields.
Block/Unblock button:
The Block button allows you to prevent the user from authenticating. The user cannot authenticate when his state is "Block". In this case, the button becomes Unblock.
The Unblock button allows you to authorize a blocked user to authenticate again.
Revoke button: this button allows you to revoke the user by permanently cancelling his user ID. This action is irreversible.
Unlock button: this button is only available if the user is locked, which means he has reached the maximum number of allowed password attempts (this number is defined in Gemalto SA Server user settings).
This button allows you to unlock the user by resetting the user password attempts.
Device ID/Device state: information fields retrieved from the device.
Device expiration check box: this check box makes available the device expiration field and allows you to update the device expiration date.
OTP attempts field: this field displays the OTP attempts counter as follows:
<number of OTP attempts>/<maximum attempts before lock>
The maximum number of OTP attempts is defined in Gemalto SA Server OATH policy.
Reset OTP attempts button: this button allows you to unlock the device if it has reached the maximum number of OTP attempts.
Block/Unblock button:
The Block button allows you to prevent the device from being used. The device cannot be used to authenticate when its state is "Block". In this case, the button becomes Unblock.
The Unblock button allows you to authorize a blocked device to authenticate again.
Revoke button: this button allows you to revoke the device by permanently cancelling it. This action is irreversible: the device cannot be used again.
The Link User button is displayed in the following cases:
If the device-user link is not established in SA Server.
In this case, this button allows you to link the device to the user in SA Server with the following window.
This window allows you to update in the SA Server the information entered while assigning the device to the user.
The information already entered at assignment time (see Assigning an SA Server Device to a User) is not displayed in the window.
If the user does not exist in SA Server yet.
In this case, this button allows you to create the user and link the device to the user in SA Server, with the following window:
The Remove User button allows you to remove the device-user link.
If you remove a device-user link, you can link the device and the user again later with the Link User button, without having to re-enter the necessary information.

10 Managing RFID Tokens

To enable the management of RFID tokens, the RFID option must have been selected during the installation of Quest ESSO Console. For more details, see the Quest ESSO Installation Guide.
RFID (Radio Frequency IDentification) is a technology used wherever a unique identification system is needed. In information systems, RFID can be used to secure equipped workstations. An RFID system consists of an antenna and a transceiver (short for transmitter-receiver), which read the radio frequency and transfer the information to an RFID token, which contains the information to be transmitted.
Quest ESSO can handle active and passive RFID tokens. For more information on supported RFID technologies, see the Release Notes.
The RFID panel, which gives you an overview of the RFID tokens used in the company. You can use the filter area, which is useful when managing a large number of tokens.
The Directory panel, which allows you to manage the RFID tokens of a specific user and to configure RFID parameters:

10.1 Assigning an RFID Token

In classic administration mode:
"Smart card administrator" and at least one of the following profiles: "Security object administrator", "Access administrator" or "Rights administrator".
2. In the directory tree (Directory panel), select the user to whom you want to assign an RFID token and click the RFID tab.
The RFID tab appears.
3. Click Assign.
5. (Optional): select Expiry date to define the day and hour of the RFID token expiration.
6.

10.2 Locking and Unlocking an RFID Token
