
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


Deleting Application Security Profiles

Subject

IMPORTANT: If you delete an application security profile that is used by applications, those applications will use the application security profile defined by default.

Before starting

To perform the task described in this section, you must have at least the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration right: "Application profile: Deletion".

Procedure

In the tree structure of the Directory panel, right-click the application security profile to delete and select Delete.

  • The application security profile is removed from the directory tree structure.

Defining Security Profiles Default Values

Subject

The security objects (timeslice, password format control policy, password generation policy, user security profile, access point security profile and application security profile) can be applied to various target objects.

Upon their creation, these target objects are automatically associated with the default security objects. If necessary, you can change the default security object. To avoid having to systematically change the default security object applied to newly created target objects, you can configure the security profiles default values.

Before starting
  • To perform the task described in this section, you must have at least the following administration role:
    • In classic administration mode: "Security object administrator".
    • In advanced administration mode, your role must contain the following administration rights:
      • "Directory: Browsing".
      • "Access point security profile: Creation/Modification".
      • "Application profile: Creation/Modification".
      • "Password format control policy: Creation/Modification".
      • "Password generation policy: Creation/Modification".
      • "Schedule: Creation/Modification".
      • "User security profile: Creation/Modification".
  • The security objects that you want to define as default security objects must be created.

Procedure

  1. In the File menu, select Configuration.
  2. In the displayed window, click the Default Values tab.

  3. In the Default Values tab, define the security objects applied by default during the creation of target objects as follows:
    1. Click the Select button.
    2. Use the Browse tab to browse the directory tree structure or use the Search tab to find the profile according to its name.
    3. Click OK.
  4. Click OK.

Managing User and Access Point Security Profiles Priorities

Subject

Depending on your organization, a user or a workstation can belong to different groups. Consider that a user belongs to two groups. If a user security profile is applied to each group, then it is necessary to define priorities for the two user security profiles, to avoid any conflict during the resolution of the user security profile used by the user, as shown in the following illustration.

Before starting
  • To perform the task described in this section, you must have at least the following administration role:
    • In classic administration mode: "Security object administrator".
    • In advanced administration mode, your role must contain the following administration right: "User security profile: Creation/Modification" or "Access point security profile: Creation/Modification".
  • The security objects that you want to define as default security objects must be created.
  • If you are working in "no access point management" mode, you cannot manage access point security profiles priorities.

Procedure

  1. In the File menu, select either Manage User Security Profile Priority or Manage Access Point Security Profile Priority.

    IMPORTANT: The Manage Access Point Security Profile Priority functionality is only available if EAM manages access points ("access points management" mode).
    • The priority management window appears.

    NOTE: The user security profile priority management window and the access point security profile priority management window are exactly the same.
  2. Select a user security profile/an access point security profile and click the Increase and Decrease buttons to define the profile priority.
    • You can also use the Default button to define the default priority value. EAM applies this value if a workstation/a user is not associated with a user/access point security profile.
    • The Reset button allows you to re-order the user/access point security profiles in a random way.

    IMPORTANT: The lowest level profile has the highest priority.
  3. Click Close when you have finished.

Managing directory objects

Subject

This section describes how to manage the users, access points and applications, which must be declared, configured and linked to each other, as described in Enterprise Access Management Concepts. It also explains how to manage representative objects and clusters of access points, and how to select a domain controller.

Before starting
  • To perform the tasks described in this section, you must have the following administration role:
    • In classic administration mode: "Security object administrator" or "Access administrator" or "Rights administrator".
    • In advanced administration mode, your role must contain the following administration rights: "Directory: Browsing" and the rights listed in the tasks described in the following sections.

      NOTE: For more information on administration roles, see Managing administrators.
