Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Quick Start Guide

1 Overview 2 Installing Quest ESSO in Dedicated (ADLDS) Directory Mode 3 Installing Quest ESSO in Corporate (AD) Directory Mode 4 Getting Started with Quest ESSO - Scenario of Use

1.5 Quest ESSO Model

The following shows an overview of the Quest ESSO objects and profiles that make up the Quest ESSO model.
Quest ESSO access policy is based on the management of the three following types of objects and their relation:
The users.
The applications.
The client workstations (access points) on which users log on to access their applications.
The user profile is associated with users, groups of users or Organizational Units and defines authentication methods, time slice, Self Service Password Request (SSPR) and so on.
The access point profile is associated with access points, groups of access points or Organizational Units and defines authentication methods, availability of Quest ESSO modules and so on.
The application profile is associated with the user access to an application. It defines password format control policy and password generation policy.
A technical definition describes how SSO is performed. This object is created in Enterprise SSO Studio and is associated with an application in Quest ESSO Console.

1.6 The Self Service Password Request (SSPR) Feature

During their first connection to Quest ESSO, users are prompted to initialize the SSPR feature by recording the answers to questions that the administrator has defined in the access policy.
To reset their password or PIN, users have to answer the questions they have chosen.
During their first connection to Quest ESSO, users are prompted to enroll their mobile phone. To reset their password, they just have to log on to their workstation using their mobile phone and change their password through a dedicated window.
As illustrated in 1.2 Quest ESSO Architecture and Component Description, the Self Service Password Request (SSPR) server requires an SSPR administrator account  that is used to automatically perform the password change.
If the administrator security data is protected by the hardware protection mode, a smart card must be permanently connected to the Self Service Password Request (SSPR) server, so that the user password can be modified.
If the administrator security data is protected by the software protection mode, the SSPR administrator credentials (securely stored on the server) are sufficient to perform the user password change.
SSPR from the Advanced Login Authentication Window
Users can access the Self Service Password Request (SSPR) feature to reset their password or PIN from the Quest ESSO authentication window, which is delivered with the authentication module called Advanced Login.

2 Installing Quest ESSO in Dedicated (ADLDS) Directory Mode

This section gives all the necessary instructions to install the Quest ESSO solution. It does not detail all installation parameters and options but gives an installation scenario that will allow you to get started with Quest ESSO.
This installation scenario explains how to install Quest ESSO in Dedicated directory mode, with the Authentication Manager Authentication option.
Make sure you have valid Quest ESSO licence keys, given by your Quest Software representative.
Download the Quest ESSO installation package and unzip it.

2.1 Initializing the Directory and Installing the Quest ESSO Controller

Initializing the directory and installing the Quest ESSO Controller on a server is the first and mandatory step in Quest ESSO installation process.
The following illustration shows an overview of the Quest ESSO Controller installation steps.
If you want to install the Quest ESSO Controller on a Windows x64, you must previously install OLEDB Provider in 64 bits (it is not included by default in the OS).
The Quest ESSO installation wizard welcome window appears.
In the Quick Installation/in a dedicated AD LDS directory area, click Install a Controller (or click x64 if it corresponds to your Windows system processor).
The Quest ESSO Controller installation wizard welcome window appears.
In the Customer ID field, type your Customer ID provided by your Quest Software representative.
Click Import to select your licence key file.
Click Next.
In the Customer ID field, type your Customer ID.
Click Next.
Click Select to select the dedicated directory administrator.

Type the user name and password of the account that will be used by the Quest ESSO Controller: this account must be the one of a user of the domain who has the permission to reset the passwords of the corporate directory users.
Click Next.
Click Install a MySQL database server dedicated to Quest ESSO audit.
Click Next.
The Data folder, Port number and Super user name fields are already filled-in.
In the Super user password and Confirm fields, type a password for the database super-user that is about to be created.
Click Next.
If you want to modify the displayed data, click the Advanced button to edit the fields.
Click Next.
The window displays the default Quest ESSO primary administrator.
In the Security passphrase and Confirm fields, type a pass phrase, which is the software protection of Quest ESSO solution.
Click Next.
Click Next.
Click Next.
Click Next.
The Quest ESSO Controller installation starts.
Click Finish.
The directory is initialized, the Quest ESSO Controller, Audit database and Quest ESSO Console are installed.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating