Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - Authentication Manager for Windows Users Guide

Managing Your Windows Session Accounts

Managing Your Windows Session Accounts

The Windows Session Accounts window enables you to manage your Windows accounts. You can:

Create or delete a Windows account, see Creating a Windows Session Account and Deleting a Windows Session Account.

Delegate your Windows account(s), seeDelegating a Windows Session Account.

Remove your Windows account delegation(s), see Removing a Windows Session Account Delegation.

Creating a Windows Session Account

Before starting

Your administrator must have created a Windows account for you beforehand.

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Windows Session Accounts.
  2. Re-authenticate if needed.

    The Manage Windows session accounts window appears.

  3. Select a Windows account and click the New button.

    The Windows account properties window appears.

  4. Enter:
    • The Role you want to give the new Windows Account in the Role field.
    • Your Windows identifier in the Identifier field.
    • Your corresponding Windows password in the Password field.
  5. Click the OK button.

    Your Windows session account has been created.

 

Deleting a Windows Session Account

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Windows Session Accounts.
  2. Re-authenticate if needed.

    The Manage Windows session accounts window appears.

  3. Select the account you want to delete and click Delete.

    Your Windows session account has been deleted.

 

Delegating a Windows Session Account

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Windows Session Accounts.
  2. Re-authenticate if needed.

    The Manage Windows session accounts window appears.

  3. Select the account you want to delegate and click the Delegate button.

    The Account Delegation window appears.

  4. Type the name of the user to whom you want to delegate your Windows session account in the User name field and click the Search button.

    The list of users appears.

  5. Select the user in the displayed list.
  6. Select the duration of the delegation by clicking the Delegation start and Delegation until drop-down lists.
  7. Click the Delegate button.

    Your Windows session account has been delegated. Next time the user authenticates him/herself, he/she must choose between the displayed Windows session accounts.

 

Removing a Windows Session Account Delegation

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Windows Session Accounts.
  2. Re-authenticate if needed.

    The Manage Windows session accounts window appears.

  3. Select the delegated Windows session account and click the Remove delegation(s) button.

    Your Windows session account is not delegated anymore.

 

Managing a Cluster from your Workstation

Managing a Cluster from your Workstation

Subject

The Cluster mode enables you to access several workstations simultaneously. When you:

  • Authenticate yourself on a workstation, sessions on other workstations you are using are also unlocked.
  • Lock or switch off a workstation, all other workstations you are using are also locked or switched off.
  • Reboot, you can reboot one or several workstations of your choice or the whole cluster at once.
  • Attach or release a workstation, you can add a workstation from an existing cluster or an entire cluster to your own cluster and then release it.

To manage your cluster, use the Cluster Wizard in the Authentication Manager dialog box.

You can customize the way the workstations of a cluster are displayed on your screen: see Authentication Manager and Enterprise SSO Customization Guide.

Before starting
  • All the actions you can perform from your workstations are only available if they have previously been authorized by the EAM Console administrator: see Authentication Manager Cluster Administrator’s Guide.
  • The Cluster Client license keys must be installed on all EAM workstations on which the Cluster feature is used.

Creating and Configuring your Cluster

Managing the Cluster Composition

If you are authorized to access workstations of a cluster, you can attach one or more workstations from an existing cluster to your cluster. The workstation(s) is(are) detached when you release it(them) from your cluster or if another user authenticates on the original cluster.

Attaching a Workstation to Your Cluster

Subject

Attaching a workstation to your cluster is not a permanent action, you can release a workstation whenever you want. You can attach only the workstations authorized by the administrator.

Before starting

The Windows session of the workstation you want to attach to your cluster must be closed.

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Manage Cluster.
  2. Re-authenticate if needed.

    The Cluster wizard window appears.

  3. Select Manage my cluster and click Next.

    The following window appears:

  4. Do one of the following actions to add a workstation to your cluster:
    • Type in the name of the workstation you want to attach in the corresponding field and click the Attach button.
    • Click the Select button and select a workstation in the list displayed by the wizard.

    IMPORTANT:Only the workstations authorized by the administrator are displayed.
  5. Click Finish.

    The workstation is now attached to your cluster and its session opens automatically.

 

Releasing a Workstation from your Cluster

Before starting

You can release a workstation/cluster only if you have added it to your cluster beforehand. The released workstation is automatically reattached to its original cluster.

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Manage Cluster.
  2. Re-authenticate if needed.

    The Cluster wizard window appears.

  3. Select Manage my cluster and click Next.
  4. The Attach/Detach workstation window appears.
  5. Select the workstation you want to detach from your cluster and click the Detach button.
  6. Click Finish.

    The workstation is now released from your cluster and its session closes automatically.

 

Renaming your Workstation

Subject

You can rename your workstation, i.e. give it an alias that is displayed:

  1. In the cluster management windows.
  2. On the desktop (if configured).

Setting an Alias

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Manage Cluster.
  2. Re-authenticate if needed.

    The Cluster wizard window appears.

  3. Select Manage my cluster and click Next.
  4. The Attach/Detach workstation window appears.
  5. Select one or more of the displayed workstations and click the Set alias button.

    The Set alias dialog box appears.

  6. In the Alias field, enter the alias you want to give to your workstation and click the OK button.

    NOTE: Since the alias must be unique, a check is made to see if it does not already exist.

    The alias of your workstation has been set.

 

Modifying an Alias

Procedure

Repeat the procedure of Setting an Alias and at step 5, modify the alias that is set.

 

Deleting an Alias

Procedure

Repeat the procedure of Setting an Alias and at step 5, delete the text in the Alias field.

 

Executing Maintenance Operations on Your cluster

Removing Temporarily a Workstation from the Cluster

Subject

From your workstation, you can temporarily remove another workstation from the cluster.

This can be useful for maintenance operations: the workstation can be rebooted independently from the others.

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Deactivate cluster mode.

    The workstation is excluded from the cluster. It remains excluded even when you restart it.

  2. To include the computer back into the cluster, click Activate cluster mode.

 

Rebooting your Cluster

Subject

This action enables you to restart all the workstations in the cluster at once.

Before starting

There are two station behaviors:

  • The master station can accept, decline or delay its reboot.
  • The slave station can only accept or decline its reboot.
Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Reboot Cluster.

    The following dialog box appears:

    IMPORTANT: If the station is a slave station, you can only accept or decline the reboot.
  2. Do one of the following:
    • Click Yes to reboot the cluster except your current workstation.

      The cluster is rebooted and locked: go to step 3.

    • Click No to reboot the cluster including your current workstation.

      The cluster is rebooted.

  3. Do one of the following:
    • Click Yes to reboot your current workstation.

      Your current station is rebooted and the other workstations of the cluster stay locked.

    • Click No to unlock the cluster without rebooting your current workstation.

 

Refreshing the Displayed Data

Subject

If you change your desktop wallpaper, the cluster data disappears from the desktop. To re-display this data, execute the following procedure.

Procedure

 

  • Right-click the Authentication Manager icon in the notification area and select Redraw wallpaper.

    The cluster data is re-displayed on the desktop.

 

Managing Session Delegation

Managing Session Delegation

Configuring Session Delegation

If for any reason you have to leave your workstation or cluster, you can delegate your Windows session to your delegate to monitor or intervene in any of your ongoing operations.

You can configure session delegation either:

Configuring Session Delegation in a Cluster

In cluster mode, you can delegate your workstation to your Primary delegate or your Backup:

  • The Primary delegate is the main person to whom you are delegating your session.
  • If the Primary delegate is not available, the Backup is the one monitoring your workstation.

For more information on cluster configuration, go to Section 9., "Gérer une grappe à partir de votre poste de travail".

There are two types of session delegation:

Setting a Temporary Session Delegation

Subject
  • If the administrator has activated the approval function, your Primary delegate or your Backup must be at his workstation to accept the session delegation, i.e. with an unlocked workstation.
  • Once you have delegated your session, if your Primary delegate leaves and locks his workstation, your delegated workstations are not part of his cluster anymore. If he wants to include them back into his cluster, he must follow the procedure described in Accessing a Colleague’s Workstation in a Cluster.
Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Set temporary session delegation.
  2. Re-authenticate if needed.

    The Cluster wizard window appears.

  3. Click the Manage delegates button to select your Favorite users and fill-in the Primary delegate and Backup drop-down lists. If you have already done so, go directly to step 7.

    The Manage delegates window appears.

  4. Select your favorite users by typing their name in the Find names starting with field and click the Search button.

    A list of the names appears in the Search Results area.

  5. Select your favorite users and click the Add button to add the names to your favorite users list.
  6. Click Close.
  7. In the Primary delegate drop-down list, select your Primary delegate.
  8. If you want a Backup, select the Backup check box and select him/her in the drop-down list.
  9. Click the Advanced Delegation button to delegate more than one workstation from your cluster.
  10. Click the Delegate button.

    Your temporary session delegation is now set and the selected workstation(s) from your cluster is(are) delegated, pending approval from the Primary delegate/Backup.

    NOTE: If you retrieve your smart card, your cluster locks itself except your delegated workstations.

Ending a Temporary Session Delegation

Subject

There are different ways to end a temporary session delegation. If the master workstation is delegated, you have to end the delegation and lock the workstation by inserting your smart card and re-authenticate yourself.

Procedure

Do one of the following:

  • Reauthenticate yourself.
  • Use Authentication Manager:
    1. Right-click the Authentication Manager icon in the notification area and select Set temporary session delegation.
    1. Reauthenticate if needed.

      The Cluster wizard window appears.

    • Click the Remove delegation button.

      The session delegation has ended.

  • Ask the Primary delegate or Backup to end the delegation (see Ending the control over a Workstation).

If...

Then...

the Primary delegate or Backup ends the delegation...

the delegated workstation(s) is/are locked.

you lock a cluster containing a delegated workstation...

the workstation locks itself.

you shut down a cluster containing a delegated workstation...

the workstation is released from the cluster and locks itself.

 

Setting a Permanent Session Delegation

Subject

You can delegate as many workstations to as many delegates as you want.

Procedure

 

  1. Right-click the Authentication Manager icon in the notification area and select Manage Cluster.
  2. Reauthenticate if needed.

    The Cluster wizard window appears.

  3. Select Manage permanent delegations and click Next.

    The following window appears:

  4. Select a delegate in the drop-down list or click the Add button to add users to your delegates list.
  5. Do one of the following:
    • In the Delegated workstations area, select the workstations you want to delegate to the selected delegate.
    • Click the Select all button to select all the workstations at once.
  6. Click the Submit button.

    The next time you lock your workstation(s), your selected delegate will be able to take control over your selected workstation(s).

 

Ending a Permanent Session Delegation

Subject

There are different ways to end a permanent session delegation. If the master workstation is delegated, you have to end the delegation and lock the workstation by inserting your smart card and re-authenticate yourself.

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Manage Cluster.
  2. Reauthenticate if needed.

    The Cluster wizard window appears.

  3. Select Manage permanent delegations and click Next.
  4. The Manage your permanent delegation window appears.
  5. Clear the check box(es) corresponding to the workstation(s) for which you want to end the delegation.
  6. Select the delegate for whom you want to end the delegation and click the Remove button.

    NOTE: Click the Remove all button to remove all the delegations at once.
  7. Click the Submit button.

    The session delegation has ended.

    If...

    Then...

    the Primary delegate or Backup ends the delegation...

    the delegated workstation(s) is/are locked.

    you shut down a cluster containing a delegated workstation...

    the workstation is released from the cluster and locks itself.

 

Configuring Session Delegation outside a Cluster

There is only one type of session delegation outside a cluster: permanent delegation. For more information, refer to the following sections:

Setting a Session Delegation

You can delegate several workstations to one of your delegates.

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Manage Session Delegation.
  2. Reauthenticate yourself.

    The Windows session delegation window appears.

  3. Select a delegate in the drop-down list or click the Add button to add users to your delegates list.
  4. Do one of the following:
    • In the Delegated workstations area, select the workstations you want to delegate to the selected delegate.
    • Click the Select all button to select all the workstations at once.
  5. Click Apply.

    The next time you lock your workstation(s), your selected delegate will be able to take control over your selected workstation(s).

 

Ending a Session Delegation

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Manage Session Delegation.
  2. Reauthenticate yourself.

    The Windows session delegation window appears.

  3. Clear the check box(es) corresponding to the workstation(s) for which you want to end the delegation.
  4. Select the delegate for whom you want to end the delegation and click the Remove button.

    NOTE: Click the Remove all button to remove all the delegations at once.
  5. Click Apply.

    The session delegation has ended.

NOTE: If the delegate ends the delegation, the delegated workstation(s) is(are) locked.

 

Accessing a Colleague’s Workstation

Subject

If you are a delegate, you can take control over one of your colleague’s locked workstation(s) to monitor or intervene in any of his ongoing operations.

The Windows context is the one of the user who has opened the session and the SSO engine (if any) is suspended.

You can access a colleague’s workstation whether you are:

Accessing a Colleague’s Workstation in a Cluster

The delegated workstations are not attached to the delegate cluster and the operations performed on these workstations are not propagated to the cluster.

NOTE: By double-clicking the Authentication Manager icon, you directly access the Access a colleague’s workstation feature.

Taking control over another workstation

Before starting
  • Your colleague must have designated you as his Primary delegate or his backup.
  • Your colleague’s workstation(s) must be locked.
Procedure
  1. Double-click the Authentication Manager icon in the notification area.
  2. Reauthenticate if needed.

    The following window appears with the list of workstations you are authorized to take control over.

    NOTE: If you are allowed a permanent session delegation, all the workstations are displayed whether they are delegated temporarily or permanently.

  3. Select the workstation(s) you want to take control over and click the Unlock button.

    NOTE: Click the Select all button to select all the displayed workstations.

    You now have the control over the selected workstation(s).

 

Ending the control over a Workstation

Subject

There are two ways to end the control over a delegated workstation.

  • If you do not lock the workstation, it will be locked when you lock your cluster.
  • To take back the control over your delegated workstation, the latter must be locked.

When the delegate unlocks his cluster, the previously controlled workstation does not unlock itself. To take the control back, he must follow the same procedure as described in Accessing a Colleague’s Workstation in a Cluster.

Procedure

Do one of the following operations:

  • On the delegated workstation, press Windows+L to lock it.
  • The delegate ends the control by following this procedure:
    1. Double-click the Authentication Manager icon in the notification area.
    • Reauthenticate if needed.

      The Access a colleague’s workstation window appears.

    • Select the workstation(s) you want to end control over and click the Lock button.

      The workstation is not under your control anymore.

 

Accessing a Colleague’s Workstation outside a Cluster

Taking control over another workstation

Before starting
  • Your colleague must have designated you as his delegate.
  • Your colleague’s workstation(s) must be locked.
  • On Windows 7 workstations, set the following key to support unlock request: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\Winlogon\DisableCAD
Procedure

 

 

  1. Right-click the Authentication Manager icon in the notification area and select Access a Colleague’s Workstation.
  2. Reauthenticate yourself.

    The following window appears with the list of workstations you are authorized to take control over.

  3. Select the workstation(s) you want to take control over and click the Unlock button.

    NOTE: Click the Select all button to select all the displayed workstations

    You now have the control over the selected workstation(s).

 

Ending the control over a Workstation

Subject

To take back the control over your delegated workstation, the latter must be locked.

Procedure

Do one of the following operations:

  • On the delegated workstation, press Windows+L to lock it.
  • The delegate ends the control by following this procedure:
    1. Right-click the Authentication Manager icon in the notification area and select Access a Colleague’s Workstation.
    • Reauthenticate yourself.

      The Unlock Colleague Workstation window appears.

    • Select the workstation(s) you want to end control over and click the Lock button.

      The workstation is not under your control anymore.

 

 

Ending a Roaming session

Ending a Roaming session

Subject

When you authenticate yourself with a smart card, you can end your Roaming Session through the Authentication Manager icon located in the notification area.

Procedure
  1. Right-click the Authentication Manager icon in the notification area and select Roaming Session.
  2. Reauthenticate if needed.

    The Roaming Session Management window appears.

  3. Click the Terminate button.

    Your Roaming Session has ended.

 

Related Documents