1. In the Quest ESSO Console File menu, click Configuration, and in the displayed window select the Public Key Authentication tab.
   The Public Key Authentication tab appears only after the Quest ESSO directory has been successfully extended and the default objects have been successfully created. For more information, see Quest ESSO Installation Guide.
2. Select the first check box: Users can authenticate using a public key Certificate. Any valid certificate (…) to authenticate users.
3. Select the second check box: Users can enroll their public key Certificate. Any valid certificate (…) may be enrolled.
4. If you do not want users to provide their password at enrollment when the certificate is valid, select the option: Upon enrolment of a new certificate, reinitialize the user's password if the current password cannot be recovered.
   • If the option Primary password is stored as an SSO account, encrypt by is set in the user security profile, the option is used: see Section 5.3.2.1, "Authentication Tab" for details.
5. You must then configure the set of authorized certification authorities by filling in the Certification Authorities area, as described below.
1. In the Certification Authorities area, click the Import button, and use the displayed window to select a CA certificate from a DER-encoded (*.cer or *.crt) or PEM-encoded (*.pem) file.
3. To confirm the activation of the Certification Authority as a permitted issuer of users' public key certificates for Quest ESSO PKA, click the Import button.

If the imported CA certificate contains the URL of a distribution point for certificate revocation information (available in the form of a CRL or an OCSP responder), the creation of the Certification Authority in the Quest ESSO directory also creates an object corresponding to each distribution point (this is the case in our example).
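Because each revocation distribution point in the CA certificate becomes a directory object on import, it is useful to list them before clicking Import. The following is an added example, not part of the Quest ESSO documentation or product: it accepts the bytes of a DER or PEM file and returns the CRL and OCSP URLs found in the certificate extensions. All function names are assumptions of this example, and `sample_ca()` builds a constructed skeleton with example.test URLs rather than a real signed certificate.

```python
import base64, re

OID_CRLDP = bytes.fromhex("551d1f")           # 2.5.29.31 cRLDistributionPoints
OID_AIA = bytes.fromhex("2b06010505070101")   # 1.3.6.1.5.5.7.1.1 authorityInfoAccess
OID_OCSP = bytes.fromhex("2b06010505073001")  # 1.3.6.1.5.5.7.48.1 id-ad-ocsp

def to_der(data):  # bytes of a PEM (*.pem) or DER (*.cer, *.crt) file -> DER bytes
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    der = base64.b64decode(m.group(1)) if m else data
    if der[:1] != b"\x30":                    # a certificate is an outer DER SEQUENCE
        raise ValueError("neither PEM nor DER certificate data")
    return der

def tlvs(buf, deep=False):  # yield (tag, value); deep=True also descends into children
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                          # long form: low 7 bits = count of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        if deep and tag & 0x20:               # constructed element
            yield from tlvs(buf[i:i + n], True)
        i += n

def revocation_urls(cert):  # -> {"crl": [...], "ocsp": [...]} from the extensions
    out = {"crl": [], "ocsp": []}
    for tag, val in tlvs(to_der(cert), deep=True):
        kids = list(tlvs(val)) if tag == 0x30 else []
        if len(kids) < 2 or kids[0][0] != 0x06 or kids[-1][0] != 0x04:
            continue                          # not an Extension {OID, ..., OCTET STRING}
        oid, body = kids[0][1], kids[-1][1]
        if oid == OID_CRLDP:                  # URI GeneralNames carry tag [6] = 0x86
            out["crl"] += [v.decode() for t, v in tlvs(body, deep=True) if t == 0x86]
        elif oid == OID_AIA:                  # keep only id-ad-ocsp AccessDescriptions
            for _, ad in tlvs(next(tlvs(body))[1]):
                (_, method), (t, loc) = list(tlvs(ad))[:2]
                if method == OID_OCSP and t == 0x86:
                    out["ocsp"].append(loc.decode())
    return out

def enc(tag, *parts):  # minimal DER encoder, only used to build the sample (< 256 bytes)
    body = b"".join(parts)
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body

def sample_ca():  # constructed skeleton holding only the two extensions, not a signed cert
    crl = enc(0x30, enc(0x30, enc(0xA0, enc(0xA0, enc(0x86, b"http://crl.example.test/pki/esso-demo-root-ca.crl")))))
    aia = enc(0x30, enc(0x30, enc(0x06, OID_OCSP), enc(0x86, b"http://ocsp.example.test/esso-demo")))
    exts = [enc(0x30, enc(0x06, o), enc(0x04, b)) for o, b in ((OID_CRLDP, crl), (OID_AIA, aia))]
    return enc(0x30, enc(0x30, enc(0xA3, enc(0x30, *exts))))
```

For a real CA file, pass the file's bytes (read in binary mode) to `revocation_urls`. The parser assumes distribution points expressed as fullName URIs, which is the common case.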