Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Managing applications

Subject

This section describes how to define existing applications (corporate applications) and how to configure them in order to implement network strategies and user single sign-on (SSO) data.

IMPORTANT: If your directory infrastructure is composed of several domains, the definitions of your corporate applications are saved only in the domain where they are defined.
Before starting

Before reading the following sections, make sure that the following steps were performed:

  1. Make an inventory of the applications to which you want to control access using EAM Console.
  2. For each application, list all the authentication windows (login, new password, incorrect password, etc.).
  3. For each application, create the corresponding technical reference using Enterprise SSO Studio.

    NOTE:

    • The technical reference is a technical description of an application. It allows you to configure access to the application, and in particular to enable SSO. You will find information on creating technical references in the Enterprise SSO Administration Guide.
    • To manage technical references, you must have the following administration role:

      • In classic administration mode: "Security object administrator".
      • In advanced administration mode, your role must contain the following administration rights: "Technical reference: Creation/Modification" and "Technical reference: Deletion".

Creating an application

Creating an application consists of adding an Application object in the directory tree structure. You can create an application through one of the following methods:

Creating an application without using templates

Subject

The following procedure explains how to create a new Application object without using existing templates.

Before starting

To perform the tasks described in this section, you must have at least the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration right: "Application: Creation/Modification".

Procedure

  1. In the tree structure of the Directory panel, right-click the organizational unit that must contain your application and select New\Application.
    • The Information tab appears.
  2. Fill in at least the Name field and press Enter.

    NOTE: If you want to use QRentry for mobile devices, you can add a logo to the application by clicking Set logo. For more information, see the QRentry User’s Guide.
    • The Application object is created. You must now configure it, as described in the following sections.

Creating an application using templates

Subject

EAM Console allows you to use templates to create SAP and Windows application objects. The application templates allow you to create Application objects with a number of predefined parameters. They should be used for specific authentication methods. The predefined template applications are:

  • SAP, for SAP R/3 application authentication.
  • Windows, for authentication to an external LDAP directory.

The application templates are managed in the same way as the Application objects. They enable the SSO function for specific authentication procedures. An application template has a number of predefined parameters.

Before starting

To perform the tasks described in this section, you must have at least the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration right: "Application: Creation/Modification".

Procedures

Creating a Windows application

  1. In the tree structure of the Directory panel, right-click the organizational unit that must contain your application, and select New\Template-based Application\Windows.
    • The Windows application template window appears.

  2. Fill in the window with the application name and the application domain name.
  3. Click OK.
    • The application object is created with pre-defined parameters for a Windows application. You can configure or modify it, as described in the following sections.

Creating an SAP application

  1. In the tree structure of the Directory panel, right-click the organizational unit that must contain your application and select New\Template-based Application\SAP.
    • The SAP application template window appears.

  2. Fill in the window to create the SAP application.
  3. Click OK.
    • The application object is created with pre-defined parameters for an SAP application. You can configure or modify it, as described in the following sections.

 
