Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - SSOWatch Administrator Guide

1 Overview 2 SSOWatch 3 Configuration Editor: Enterprise SSO Studio
3.1 Interface Overview 3.2 Starting and Stopping Enterprise SSO Studio 3.3 Creating or Opening a Configuration 3.4 Configuring General SSO Parameters 3.5 Defining PFCP and Application Profiles 3.6 Defining Application and Technical Definition Objects 3.7 Defining Window Objects 3.8 Testing the SSO 3.9 Exporting or Importing Objects 3.10 Managing Objects in the Tree 3.11 Saving Object Configurations 3.12 Managing Configuration Updates 3.13 Refreshing the Tree
4 The Generic Plug-in 5 The Microsoft Internet Explorer Plugin  6 The SAP R/3 Plug-in 7 Terminal Type Applications 8 The HLLAPI Plug-in 9 Advanced Configuration 10 OLE/Automation Interface Appendix A: Cache Tuning and Asynchronous Update of the Application Data Appendix B: Integrating Care-FX with SSOWatch

3.5.2 Defining the Application Profiles

A default Application profile configuration exists in Enterprise SSO Studio: you can modify it or create a new one.
The Application profile configuration is only available if you use Enterprise SSO Studio without Controller or Personal SSO Studio. With Controller, the Application profile configuration must be done with the administration console (see Quest ESSO Console Administrator Guide).
1.
In the Enterprise SSO Studio main window, do one of the following, depending on the action you want to perform:
To create a new Application profile, right-click the Configuration objects node and click New Application Profile.
For the Delegation tab (only if you use Enterprise SSO Studio without Controller and in LDAP storage mode), see see 3.5.2.3 Delegation Tab of an Application Profile.
3.
Click OK to save the configuration and close the window.

3.5.2.1 Properties Tab of an Application Profile

The Properties tab allows you to configure the following parameters:
Password Policy associated with the Application Profile.
SSOWatch Desktop options:
This option is available with Personal SSO Studio. It is also available with Enterprise SSO Studio in the Application Profile in Quest ESSO Console.

3.5.2.2 Access Strategy Tab of an Application Profile

The Access Strategy tab allows you to configure the following parameters:
Credential storage
Storage location of the SSO accounts used by the applications associated with the Application Profile.
If you select Store on token, ensure that the proper authentication method is supported. For more information, contact your security administrator.
a)
Users must re-authenticate
Before each SSO, the user must confirm the primary password, PIN or biometric identity.
b)
Users can modify account
This option is selected by default.
a)
Users can display password
The user may ask for the password to be displayed. If this is the case, the user will be asked to re-authenticate.
If the user starts an application for the first time, he/she must complete the authentication data collection dialog box.
If the user has several accounts for an application, he/she must select an account in the account selection dialog box (the Cancel button is unavailable).
If a problem occurs (for example, if the authentication data cannot be saved due to network issues), the Cancel button is available again to allow the user to log on manually or to quit the application.
For the current session only: if the user cancels the SSO execution, he/she can then start as many application instances as required, the SSO execution remains disabled.
The SSO is enabled again when the user quits all the application instances and restarts the application (or resets the SSO configuration or restarts
SSOWatch).
This area only appears if you use Enterprise SSO Studio without controller and in LDAP storage mode. It allows you to select the way the secondary accounts used by the applications associated with the Application Profile are ciphered. In the drop-down list, select one of the following entries:
a)
User: only the user can decipher his/her secondary accounts. This is the most secure option.
b)
User, administrators: the user and you can decipher his/her secondary accounts. Thus, if you force a new primary password or assign a new smart card using Quest ESSO Console, the user's secondary accounts are also recovered.
c)
User, administrators and an external key: select this entry to allow an external application to decipher the user's secondary accounts using a public key. For example, you must select this entry if you want to use Quest ESSO with Web Access Manager (WAM). By selecting this entry, you allow WAM to decipher the Quest ESSO secondary accounts of the user so that WAM can perform SSO with these accounts.

3.5.2.3 Delegation Tab of an Application Profile

The Delegation tab is only available if you use Enterprise SSO Studio without Controller and in LDAP storage mode.
The Delegation tab allows you to define the methods for delegating accounts to users:
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating