Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format




This guide describes how to administer the One Identity Enterprise Access Management (EAM) solution using One Identity EAM Console, the centralized administration and audit consultation tool.


This guide is intended for:

  • System Integrators.

  • Administrators.

Required Software

EAM 9.0 evolution 2 and later versions. For more information about the versions of the required operating systems and software solutions quoted in this guide, please refer to One Identity EAM Release Notes.

Typographical Conventions

Bold Indicates:

  • Interface objects, such as menu names, buttons, icons and labels.
  • File, folder and path names.
  • Keywords to which particular attention must be paid.


Italics - Indicates references to other guides.


Code - Indicates portions of program codes, command lines or messages displayed in command windows.


CAPITALIZATI ON Indicates specific objects within the application (in addition to standard capitalization rules).


< > Identifies parameters to be supplied by the user.


Warning: A WARNING icon indicates a potential for property damage, personal injury, or death.


Caution: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.


IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Documentation support

The information contained in this document is subject to change without notice. As our products are continuously enhanced, certain pieces of information in this guide can be incorrect. Send us your comments or suggestions regarding the documentation on the One Identity support website.


This guide describes how to use the One Identity Enterprise Access Management administration console (EAM Console). This administration tool allows you to configure your company Single Sign-On (SSO) secure authentication. It covers all the phases, from the setting up of the basic security objects to the definition of access rights for users, workstations and applications.

In this guide, One Identity EAM refers to One Identity Enterprise Access Management.

In this section:

Enterprise Access Management Concepts

Enterprise Access Management Concepts

EAM is the module of the IAM solution that provides centralized management of application, network access strategies and security data. For this purpose, User Access is based on the management of three types of objects:

  • The company's users.
  • The company's applications for which you will enable the single sign-on functionality.
  • The client workstations (access points) on which users log on to access their applications.

    One Identity EAM offers two access point functional modes. The wanted mode is selected at installation time (see One Identity EAM Installation Guide):

    • In "manage-access-point" mode, you can define security policies for individual workstations and group of workstations.
    • In "no-access-point-management" mode, no objects representing client workstations are created or used in the directory and one security policy is applied to all access points. In this mode, EAM Controllers do not "authenticate" client workstations.

The main administration tasks consist in implementing the relations between these three types of objects, as shown in the following diagram:

IMPORTANT: In this guide, the term "user" refers to the user himself, a group of users or an organizational unit that contains users. Likewise, the term "access point" refers to the access point itself (which is a computer), a group of computers or an organizational unit that contains computers.

EAM Controllers

EAM Controllers

In this section:

EAM Services

Domain Controller Selection

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents