Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide

1. Overview 2 Authenticating to Quest ESSO Console and Managing Protection Modes 3 Searching the Directory Tree 4 Managing Administrators 5 Managing Security Profiles
5.1 Managing Time Slices 5.2 Managing Password Format Control Policies 5.3 Managing User Security Profiles 5.4 Managing Access Point Security Profiles 5.5 Managing Application Security Profiles 5.6 Defining Security Profiles Default Values 5.7 Managing User and Access Point Security Profiles Priorities
6 Managing Directory Objects
6.1 Managing Applications 6.2 Managing Users 6.3 Managing Access Points 6.4 Managing Representative Objects 6.5 Managing Clusters of Access Points 6.6 Selecting a Domain Controller
7 Importing/Exporting Security Profiles and Directory Objects 8 Managing Smart Cards
8.1 Assigning Smart Cards to Users 8.2 Formatting Smart Cards 8.3 Forcing a new PIN 8.4 Disabling Temporarily Smart Cards 8.5 Unlocking Smart Cards 8.6 Sending Smart Cards to a Blacklist 8.7 Extending the Validity of a Smart Card 8.8 Allowing Users to Renew their Smart Card Certificates 8.9 Displaying Smart Card Properties 8.10 Displaying the List of Supported Smart Cards 8.11 Managing Smart Card Configuration Profiles 8.12 Managing Loan Cards 8.13 Managing Smart Cards' Authentication Parameters 8.14 Managing Batches of Smart Cards
9 Managing SA Server Devices 10 Managing RFID Tokens 11 Managing Biometric Enrolment 13 Enabling the Public Key Authentication Method 14 Managing the Emergency Plan 15 Managing Audit Events 16 Managing Reports 17 Customizing Configuration Files 18 Creating Scripts Appendix A: Regular Expressions - Basic Syntax Appendix B: Listing Audit Events and Error Codes Appendix C: Correspondence Between Profile and Administration Rights

10.3.2 Blacklisting and Deleting an RFID Token From the RFID Panel

10.4 Modifying the Detection Areas and the Grace Period

The area starting from the sensor antenna through the limit of the lock range is called the visibility area. In this area, the Quest ESSO Controller is able to identify owners of RFID tokens.
D:\EKA_QS_workes\1344_Quesso\!_Shemes\Schema_ConsoleRFIDDetectionAreas_US_1-1.tif
1.
In the Directory panel, select the access point security profile associated with the access points for which you want to modify the detection areas, and click the Active RFID tab.
The RFID tab appears.
1.
In the Directory panel, select the user security profile associated with the users for whom you want to modify the grace period, and click the Security tab.
The Security tab appears.
2.
Modify the Grace period option.
Setting the Grace period to 0 minute is equivalent to clearing the Grace period check box.
3.
Click Apply.

10.5 Exporting a List of RFID Tokens

1.
In the RFID panel, filter the entries that you want to export and click Apply.
2.
Click the Export button, and select in the displayed window the save location of the file.

11 Managing Biometric Enrolment

Quest ESSO Console allows you to manage biometric enrolment of users.
Quest ESSO can work in three modes to authenticate users with their biometric data.
User biometric data and LDAP password are stored in their workstation local cache, and are protected by the Quest ESSO Client and the administration rights set on the workstation.
Users must
enroll their biometric data on every workstation they use.
User biometric data and smart card PIN are stored on their smart card (public area), and are protected by the Quest ESSO Client.
Users
enroll their biometric data once and this data is stored in their smart card.
User biometric data enrolment is centralized by the Quest ESSO Controller and stored in the directory. In this mode, a Quest ESSO Controller must be available for authentication.
Users
enroll their biometric data once by typing their name and password before placing their finger on the biometric scanner. Then they can connect to every workstation of the Quest ESSO forest without having to enroll their biometric data on each workstation they use.
On every workstation on which the user authenticates, a local cache is created, as in the "Store on PC" mode, and the
Quest ESSO Controller retrieves biometric data from the directory to store it in this cache.
The Biometrics panel, which displays the list of users having enrolled biometric patterns, and allows you to export it.
To directly enroll a user’s fingerprints on your workstation, you can click the or the Biometrics menu and select Start scan assistant. The Biometric enrollment tool is then launched.
The Directory panel, which allows you to manage biometric enrolment in the user security profile, and for a specific user. You can also configure biometric parameters on computers in the access point security profile.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating