Upon the installation of the solution (more precisely when the primary controller is initialized), a user account that has full administrative rights is declared. This is the EAM Primary Administrator. It is a super-administrator and can therefore manage all the objects in the directory.
The EAM console allows you to add other primary administrators if required.
Compared to an administrator who has been given full rights, a Primary Administrator has the following additional rights:
You are logged on as a primary administrator.
|IMPORTANT: If your EAM solution is combined to the One Identity User Provisioning services, the administrators of the Policy Manager console are listed in the Auxiliary primary administrators area. Do not remove them.|
The security profiles are generated upon the installation of the EAM Controller. These objects are required to manage the target objects, which are users, access points and applications.
Depending on your administration perimeter, you can use the default security profiles, or create, modify, delete your own profiles, as described in this section.
To optimize network traffic, you can use the update management feature. By default, the EAM workstations retrieve periodically the whole SSO configuration. The update management feature allows you to post an update, which generates a unique identifier. The workstations retrieve the application data and this identifier. As long as the identifier is unchanged between the directory and the cache of the workstations, the workstations do not update their SSO configurations.
To enable/disable the update management feature, in the EAM Console File menu, select Manage updates.
|NOTE: When a workstation runs an update, it retrieves the entire configuration (and not only the configuration corresponding to the last posted update). So this feature does not avoid workstations retrieving the applications configured by administrators after the last posted update if the data on the workstation is older than the last posted update.|
In this section:
Time slices are required to define the following target objects:
In this section:
To perform the tasks described in this section, you must have at least the following administration role:
|NOTE: If you modify a time slice already used by target objects, your modifications apply to all the target objects associated with this security object.|