Enterprise Single Sign-On 8.0.6 - Quick Start Guide

1.4 Quest ESSO Security

Quest ESSO offers overall data security and guarantees the user exclusive access to their personal information (application logins and passwords).
Quest ESSO protects its data with the following methods:

1.4.1 User Data Security

This authentication method is available with the Session authentication option (see 1.3.3 Session Authentication).
This authentication method is available with the Windows authentication option (see 1.3.2 Windows Authentication) or the Authentication Manager Authentication option (see 1.3.1 Authentication Manager Authentication).
This authentication method is available with the Authentication Manager authentication option (see 1.3.1 Authentication Manager Authentication) or Public Access authentication option (see 1.3.4 Public Access Authentication for Smart Cards, RFID Readers or Biometric Devices).
Store-On-PC: user biometric data and LDAP password are stored in their workstation local cache, and are protected by the Quest ESSO Client and the administration rights set on the workstation.
Users must enrol their biometric data on every workstation they use.
Store-On-Server: user biometric data enrolment is centralized by the Quest ESSO Controller and stored in the directory. In this mode, a Quest ESSO Controller must be available for authentication.
Users enrol their biometric data once by typing their name and password before placing their finger on the biometric scanner. Then they can connect to every workstation of the Quest ESSO forest without having to enrol their biometric data on each workstation they use.
This authentication method is available with the Authentication Manager authentication option (see 1.3.1 Authentication Manager Authentication) or Biometrics Public Access option (see 1.3.4 Public Access Authentication for Smart Cards, RFID Readers or Biometric Devices).
This authentication method is available with the Authentication Manager authentication option (see 1.3.1 Authentication Manager Authentication) or Public Access authentication option (see 1.3.4 Public Access Authentication for Smart Cards, RFID Readers or Biometric Devices).
Mobile phone (optional)

1.4.2 Administration Data Security

An encryption key generated at Quest ESSO installation time protects sensitive administration data.
Software protection mode: a pass phrase protects the encryption key.
In software protection mode, Quest ESSO can be used without security hardware (smart card). This mode is useful for demonstrations or convenience.
This encryption method is the one used in the installation procedure detailed in 2., "Installing Quest ESSO in Dedicated (ADLDS) Directory Mode" and 3., "Installing Quest ESSO in Corporate (AD) Directory Mode".
Hardware protection mode: a security module (cryptographic smart card) protects the encryption key.
In hardware protection mode, administrators need a personal smart card to perform Quest ESSO administration tasks in Quest ESSO Console.
This mode offers greater protection than the software protection mode, but it requires administrators to use smart cards.

1.4.3 Quest ESSO Controller Security

The Quest ESSO Controller has its own encryption key, which is stored in the secure area of the system registry. This key provides an additional encryption level to protect sensitive access policy data.