Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - Authentication Manager Cluster Administration Guide

Preface Overview Administering Clusters From EAM Console Managing a Cluster from your Workstation Managing Session Delegation

Session Delegation - Mechanism

Definitions

Subject

If for any reason a user has to leave his/her cluster, he/she can delegate his/her Windows session to one or more delegate(s) to monitor or intervene in any of his/her ongoing operations.

Delegation Types

The session delegation can be temporary or permanent:

  • Temporary Session Delegation

    To setup a temporary delegation, a user defines a Primary delegate and (if any) a Backup who can access one or several of his/her Windows sessions when he/she is away.

    The delegation ends when the user authenticates again.

    The following figure illustrates the temporary delegation:

    Figure 2: Temporary Session Delegation

    In a temporary delegation, there are two delegates:

    • The Primary delegate is the main person to whom the user delegates his/her session(s).
    • The Backup delegate is the person monitoring the user workstation if the Primary delegate is not available.
  • Permanent Session Delegation

    To setup a permanent delegation, a user defines one delegate who can access one or several of his/her Windows sessions when he/she is away.

    The delegation does not end when the user authenticates again. He/she must explicitly remove it to cancel it.

Behavior of Delegated Workstations

A delegated workstation is not entirely included in the cluster of the delegate, but the operations performed on the cluster have consequences on the delegated workstation. If the delegate:

  • Locks his/her cluster, the delegated workstation locks.
  • Closes his/her cluster, the delegated workstation locks.
  • Locks or closes the delegated workstation, theses operations are not propagated to his/her cluster.

Required EAM Modules

To use the Cluster function, the following EAM modules must be installed :

  • EAM Console: mandatory.
  • Authentication Manager: mandatory.
  • Enterprise SSO: optional.

For more information on installation of EAM (Enterprise Access Management) modules, see One Identity EAM Installation Guide.

 

Administering Clusters From EAM Console

EAM Console allows you to create and configure clusters of access points, and to authorize users to manage their own cluster.

Related Documents