
Enterprise Single Sign-On 8.0.6 - Quest ESSO Console Administrator Guide


4.1.1 The Classic Administration Mode

Quest Software delivers the following administration profiles:

4.1.2 The Advanced Administration Mode

In advanced administration mode, the administration profiles are not limited to eight categories: you can create your own administration profiles by selecting the administration rights you want.

4.1.3 Administration Role Inheritance

The root of the tree structure is the IT Security Manager (or primary administrator), which corresponds to a specific user created in the LDAP directory during the installation of the solution. This user is a super-administrator who can manage all the objects in the directory and who has all the rights relating to the general configuration of the product.
For security reasons, the first time the Quest ESSO Console starts, this administrator must authenticate using a Security Module or a pass phrase, depending on the protection mode selected during installation (for more information on the protection modes, see Section 2, "Authenticating to Quest ESSO Console and Managing Protection Modes").

4.2 Delegating Administration Roles

In the Directory panel, select the user to whom you want to delegate your administration role.
In the Administration tab, click Delegate.

Click Apply.
Managed users restrictions button: this button allows you to restrict the number of users the administrator can administer, by displaying the Managed users window.
Audit visibility restrictions button: if the selected user is an Auditor administrator or has the "Audit: Visualization" administration rights (advanced administration mode), this button allows you to define the population the administrator has the right to audit.
By default, the Audit Populations area is empty. It means the administrator can audit all the objects of the directory.
To restrict the Auditor right to a set of audit populations, use one of the following buttons:
Select button: this button displays the list of audit populations that have already been defined in Quest ESSO Console (for more information on audit populations, see Section 15.2, "Defining an Audit Population").
Select the audit populations to which you want to restrict the auditor right and click
The selected population(s) appears in the Audit Populations area.
Browse button: this button allows you to select the group, organization or directory to which you want to restrict the auditor right.
Use the Browse tab to browse the directory tree structure or use the Search tab to find the group/organization/directory according to its name, and click OK.
If the selected object is not already marked as an audit population, a dialog box allows you to directly mark it.
The selected population(s) appears in the Audit Populations area.
In Classic administration mode:
Select the check boxes corresponding to the administration profiles you want to delegate to the user (for more details on existing administration profiles, see Section 4.1.1, "The Classic Administration Mode").
Delegate button
Transfer button
Delete button
Audit area (advanced administration mode only):