The application's general properties allow you to define the following:
Procedure
Click the button to change the time slice used by the application.
NOTE: To display the parameters of the selected time slice, click the ![]()
Only the password authentication method is currently supported.
Audit area
You can assign an audit filter to the application so that only events relevant to this object are generated: see Section Applying an audit filter to specific objects.
Click Apply.
The properties of the account associated with an application allow you to define login/password requirements, the list of parameters supported by the application, and whether applications use the same account base. You define the account properties through the Account Base and Account Rule tabs located in the Configuration tab of an application object.
To perform the tasks described in this section, you must:
NOTE: For more information on:
In this section:
The Account Base tab allows you to define common bases of accounts for several applications.
Procedure
The Windows username can be used in the following formats:
This button allows you to share the account base of the selected application (Application A) with another application (Application B). Application B will then use Application A accounts.
If users have already collected accounts for Application B, these accounts will no longer be visible; the only visible accounts will be those of Application A.
Once you have shared the account base of the selected application, the accounts are displayed from both applications (in the Accounts tab, as described in Section Displaying accounts associated with the application), but you can stop the sharing only from Application A (see Stop Sharing Account Base with Another Application button below).
If you try to stop the sharing from Application B, then Application A will be left with no account base.
Use case:
You have two applications: App A and App B. Both applications contain accounts (App A: Acc A1, Acc A2, etc. and App B: Acc B1, Acc B2, etc.).
Open App A, add App B as a shared application, and validate to keep your old accounts.
Select App B and delete the sharing with App A. From now on, App B contains all the accounts from App A, and App A no longer contains any accounts.
This button allows you to stop sharing the account base of the selected application (Application A) with another application (Application B).
Application B then recovers the accounts that had already been collected for it.
The Account Properties tab allows you to define the login and password requirements for the selected application, and the list of parameters supported by the application. The end user will have to follow these rules at application login/password collection time.
Procedure
This area allows you to define the rule for the application login value, on the basis of the information read within the User object.
NOTE: To get the exact LDAP attribute name, use an LDAP browser.
You can be more specific about the login value by following these rules:
IMPORTANT: The settings defined in this section must be consistent with the rule defined in the Login creation rule area.
This area enables you to define a label that will be suggested during the creation of a first account and the first collection. This label will be displayed in Enterprise SSO as well as in all the SSO data collection windows and in the user account management window.
The password is checked using a PFCP object, which must be created. For more details, see Section Managing Password Format Control Policies.
The password reveal policy is initially configured on Application Profiles, as detailed in Account tab. In some cases (for example if the SSO process stops working on an application), you can allow users to display the password of a specific application from the Enterprise SSO engine:
NOTE: You must have one of the following administration rights:
You can send a user’s password by email. To do so, you must configure the application with one of the three following options:
The Parameters tab allows you to add a list of additional authentication parameters (such as "Windows Domain" or "Language"). These parameters enable you to define fields other than the user name/password fields of the target application authentication window.
To define a UNIX application, you must add the Unix Host Identifier parameter (Default type) in this tab. This parameter collects the name of the UNIX computer on which the user can authenticate.
IMPORTANT: Check that the list of authentication parameters for the application is consistent with the parameters defined at the technical reference level, which is done using Enterprise SSO Studio. For more details, see Enterprise SSO Administrator's Guide.
NOTE: External names for parameters allow you to define a mapping between the parameter that you are configuring within EAM Console and the name of an external parameter (created using another SSO tool).
This option is particularly useful to integrate User Provisioning or Web Access Manager with the EAM module. For more details, see Defining external names.
If you have selected Rule in the Parameter type area, get the exact LDAP attribute name (using an LDAP browser) and type it between parentheses in the Value field. For example, type (mail) to indicate that the parameter value is the user's mail address.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.