Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Displaying delegated sessions


The Session Delegation tab allows you to display the list of the user delegations concerning the selected cluster of access points.

NOTE: To configure the session delegation parameters for users, see Section Session Delegation Tab.

You can visualize delegations made by users but you cannot modify them.

Window description

  • Show all <user name> delegation

    Displays the list of users to whom the selected user has delegated his/her Windows session, the type of delegation (permanent or temporary) and the workstation it concerns.

  • Show who delegated to <user name>

    Displays the list of users who have delegated their session to the selected user, the type of delegation (permanent or temporary) and the workstation it concerns.

Managing user RFID tokens

The RFID tab allows you to assign, lock or unlock, send into a blacklist and delete, or display information on the RFID tokens of a user. For more details on how to manage tokens through this tab, see Section Managing RFID tokens.

Displaying user event logs

Displaying user event logs


The Events tab allows you to display all the events that are directly or indirectly linked to the selected object for a defined period (the last two days by default). This report contains both user actions and administration actions log entries.

If the selected object is a group of users, an organizational unit or a directory, the default events displayed are only related to the group, organization unit or directory, but the events related to its members are not available.

The Audit population area of the Events tab allows you explicitly mark the group, organization or directory for audit, so that audit events on members of the group, organizational unit or directory are also displayed.


The Events tab only appears if you have at least the following administration role:

  • In classic administration mode: "Auditor".
  • In advanced administration mode, your role must contain the following administration right: "Audit: Visualization".

NOTE: For more information on administration roles, see Section Managing administrators.


  1. In the tree structure of the Directory panel, select the wanted user.
  2. Click the Events tab.
    • The Events tab appears.
  3. If you have selected a group of users, an organizational unit or a directory, you can set it as an audit population in the Audit Population area, as explained in Section Defining an audit population.
  4. In the Filter area, set a period of time to filter the log entries and click Apply (for more information on event logs see Section Managing audit events).

NOTE: To display all the actions performed on this particular user, select the Include operations performed on this object (may be time consuming) check box.

Deleting SSO data of disabled user accounts


When the administrator disables a user account in the directory, the SSO data of the user is still associated with this account.

The One Identity Identity & Access Management software license is based on the number of active users, which are all the user accounts (enabled and disabled) with SSO data.

This section describes how to search for disabled accounts in the directory and delete the associated SSO data in order to reduce the number of active users.

NOTE: To display the number of active users, click Help\About.

The solution must be configured in Active Directory mode.


  1. In the File menu, click SSO & Active Directory disabled account.
  2. Read the displayed instructions to delete SSO data.


Related Documents