Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


Creating/Modifying Password Generation Policies

Before starting

To perform the tasks described in this section, you must have at least the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration right: "Password generation policy: Creation/Modification".
Procedures

Creating Password Generation Policies

  1. In the tree structure of the Directory panel, right-click the organizational unit that must contain your PGP and select New\Password Generation Policy.
    • The PGP configuration tab appears.
  2. Fill in the window as described in Section Configuring the Password Generation Policy and click Apply.
    • The PGP appears in the directory tree structure.

Modifying Password Generation Policies

IMPORTANT: If you modify a PGP that is already used by target objects, your modifications apply to all the target objects associated with this security object.
  1. In the tree structure of the Directory panel, select the PGP to modify.
    • The PGP configuration tab appears.
  2. Fill in the window as described in Section Configuring the Password Generation Policy and click Apply.
    • The PGP is modified.

Configuring the Password Generation Policy

Before starting

To perform the task described in this section, you must have at least the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration rights: "Password generation policy: Creation/Modification".
Procedure

  1. Type the PGP name.
  2. Define the behavior of the applications associated with this PGP during a password change request (request prompting the user to generate a password compatible with the PFCP or automatic generation of a new password).
  3. Define the frequency at which the application forces the modification of the authentication password entered upon a session start, as well as the number of old passwords that cannot be reused. This last option prevents users from replacing their password with one that was used too recently.
  4. Define a list of forbidden passwords, using the following buttons:
    • Add and Remove to manage the forbidden passwords one by one.
    • Import and Export to manage several forbidden passwords at a time.

      NOTE:

      • The Add button is enabled when you type a forbidden password in the field to the left of the button.

      • The Import and Export buttons enable you to import or export a TXT file containing one forbidden password per line.
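
The following added example (not part of the original guide or the product) prepares a TXT file in the one-forbidden-password-per-line format described in the note above, dropping blank lines and duplicates and rejecting entries that contain control characters. The function names, the sample entries, UTF-8 encoding and CRLF line endings are assumptions; the guide does not state the file encoding or whether forbidden passwords are matched case-sensitively, so case folding is optional.

```python
import unicodedata


def clean_forbidden_list(raw_lines, fold_case=False):
    """Return (entries, rejected) for a one-password-per-line import file.

    Assumption: each line is taken as one literal password, so blank
    lines, duplicates and control characters must not reach the file.
    """
    entries, rejected, seen = [], [], set()
    for lineno, line in enumerate(raw_lines, start=1):
        # Strip only the line terminator; leading or trailing spaces
        # could be a deliberate part of a forbidden password.
        value = line.rstrip("\r\n")
        if lineno == 1:
            value = value.lstrip("\ufeff")  # drop a byte-order mark
        if not value.strip():
            continue  # empty or whitespace-only line
        # Tabs, NUL or an embedded CR would corrupt the line format.
        if any(unicodedata.category(ch) == "Cc" for ch in value):
            rejected.append((lineno, "control character"))
            continue
        key = value.casefold() if fold_case else value
        if key in seen:
            continue  # duplicate entry
        seen.add(key)
        entries.append(value)
    return entries, rejected


def write_import_file(entries, path):
    """Write the entries one per line (CRLF, UTF-8: both assumed)."""
    with open(path, "w", encoding="utf-8", newline="") as handle:
        handle.writelines(entry + "\r\n" for entry in entries)
    return len(entries)


# Constructed sample input, as it might come from merged word lists.
SAMPLE = ["\ufeffWinter2024!\r\n", "\r\n", "Company123\n", "Winter2024!\n",
          "company123\n", "bad\tentry\n", "   \n", "P@ssw0rd"]

if __name__ == "__main__":
    cleaned, problems = clean_forbidden_list(SAMPLE)
    print(write_import_file(cleaned, "forbidden.txt"), "entries written")
    for lineno, reason in problems:
        print(f"line {lineno} rejected: {reason}")
```

Review the rejected lines by hand before importing, since a dropped entry is a password the policy will not forbid.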

Displaying Password Generation Policy Usage Logs

Subject

The Applies to tab enables you to display the list of application security profiles that are directly linked to the selected generation profile.

Procedure

  1. In the tree structure of the Directory panel, select the password generation policy for which you want to display usage.
  2. Select the Applies to tab.
    • The list of application security profiles linked to this generation policy appears.

  3. Double-click a security profile to go directly to its profile.

Displaying Password Generation Policy Event Logs

Subject

The Events tab allows you to display all the events that are directly or indirectly linked to the selected object, for a defined period (the last two days by default). This report contains log entries for both user actions and administration actions.

Restriction

The Events tab only appears if you have at least the following administration role:

  • In classic administration mode: "Auditor".
  • In advanced administration mode, your role must contain the following administration right: "Audit: Visualization".

NOTE: For more information on administration roles, see Section Managing administrators.

Procedure

  1. In the tree structure of the Directory panel, select the password generation policy to audit.
  2. Click the Events tab.
    • The Events tab appears.
  3. In the Filter area, set a period of time to filter the log entries and click Apply (for more information on event logs, see Section Managing audit events).