Assigning/forbidding applications to an access point
Subject
To configure the SSO for a user, you must set the following links:
- Authorize the user on an access point.
- Authorize an application to run on a given access point.
- Authorize the user to access the application.
This section describes how to authorize the execution of an application on an access point.
Before starting
- The software corresponding to the application object must be installed on the access point.
IMPORTANT: The EAM Controller uses the following algorithm to assign or forbid applications to access points:
- Checks the authorization of the application on the access point.
- Checks the authorization or the prohibition of the application on a primary group of access points.
- Checks the authorization or the prohibition of the application on the group of access points.
- Checks the authorization or the prohibition of the access by the parent organizational unit of the access point.
- To perform the task described in this section, you must have at least the following administration role:
- In classic administration mode: "Security object administrator" or "Access administrator".
- In advanced administration mode, your role must contain the following administration rights: "Authorization for application on access point: Creation/Modification" and "Authorization for application on access point: Deletion".
- If you are working in "no-access-point-management" mode, it is not possible to make applications available on individual access points or to objects representing a set of access points (groups, organizations and so on) other than "outbound representatives". The Application Available tab is not available.
Procedure
- In the tree structure of the Directory panel, select the required access point.
- Click the Available Applications tab.
- Click the Add/Remove buttons to select the applications that you want to make accessible to the selected access point.
- To provide more details on the list of available applications, use the following buttons:
- Allow/Forbid
If you have added a group of applications and you want to forbid one or more applications in this group, use the Allow and Forbid buttons.
- Propagation method
If you want to specify a specific application, and if your application uses the SSO propagation method, you must indicate a technical reference. By default, the technical reference specified on the application is used, based on the descriptions in Section Defining the Single Sign-On properties of an application (SSO).
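The evaluation order given in the IMPORTANT note of this section, modeled as an added example (this is not One Identity code or a product API). It assumes that the first level holding an explicit Allow or Forbid decides and that an application with no rule at any level is unavailable; the page states only the order of the checks. All access point and application names are constructed.

```python
from dataclasses import dataclass, field

ALLOW, FORBID = "allow", "forbid"
# Levels in the order listed in the IMPORTANT note.
LEVELS = ("access_point", "primary_group", "group", "parent_ou")


@dataclass
class AccessPoint:
    name: str
    # One rule table per level: {application name: ALLOW or FORBID}.
    rules: dict = field(default_factory=lambda: {lvl: {} for lvl in LEVELS})


def resolve(ap, app):
    """Return (available, deciding_level).

    Assumption (not stated on the page): the first level holding an explicit
    rule decides, and an application with no rule at any level is unavailable.
    """
    for level in LEVELS:
        decision = ap.rules[level].get(app)
        if decision is not None:
            return decision == ALLOW, level
    return False, None


def audit(ap, apps):
    """Per application: outcome, deciding level, and the later levels whose
    contradicting rule is never reached."""
    report = {}
    for app in apps:
        available, level = resolve(ap, app)
        later = LEVELS[LEVELS.index(level) + 1:] if level else ()
        winner = ALLOW if available else FORBID
        shadowed = [l for l in later if ap.rules[l].get(app) not in (None, winner)]
        report[app] = (available, level, shadowed)
    return report


# Constructed sample data: every name below is hypothetical.
kiosk = AccessPoint("KIOSK-01")
kiosk.rules["access_point"]["Payroll"] = ALLOW
kiosk.rules["primary_group"]["SAP GUI"] = FORBID
kiosk.rules["group"].update({"SAP GUI": ALLOW, "Webmail": ALLOW})
kiosk.rules["parent_ou"].update({"Payroll": FORBID, "Webmail": FORBID})

if __name__ == "__main__":
    for app, (ok, level, shadowed) in audit(kiosk, ["Payroll", "SAP GUI", "Webmail", "Notepad"]).items():
        print(f"{app:8} available={ok!s:5} decided_by={level} shadowed={shadowed}")
```

The `shadowed` column lists rules that contradict the outcome but are never evaluated under this model, such as a Forbid on the parent organizational unit that a direct authorization on the access point bypasses.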
Adding or removing an access point from a group
Subject
The console allows you to add or remove users and access points from groups directly through the interface, without using a third-party group management console.
You can perform this task in two ways:
- From an access point, as detailed in Procedure#1 below.
- From a group of users, as detailed in Procedure#2 below.
IMPORTANT: You must use this feature only with groups carrying Enterprise SSO data.
Before starting
- You have delegated the task Modify the membership of a group to the Organization for which you want to manage group memberships. For more details, see One Identity EAM Installation Guide.
- You have the right Group: Add/Remove member in your administration profile (the management of administration profiles is described in Section Managing Administration Profiles).
Procedure#1
- In the tree structure of the Directory panel, select the required access point.
- The Information tab appears.

- Use the Add and Remove buttons to add or remove the access point to/from a group.
Procedure#2
- In the tree structure of the Directory panel, select the required group of users.
- The Information tab appears.
- Use the Add and Remove buttons to add or remove access points to/from the selected group.
Analyzing Errors of a Remote Access Point
Subject
The Actions tab enables you to check the status of an access point (whether it can be reached or not) and to perform a number of actions, such as adjusting the parameters and collecting the cache and trace files.
Description
- The Cache Files area enables you to manage the user cache of the remote access point: see Managing the Cache.
- The Trace Files area enables you to manage the traces of the remote access point: see Managing Traces.
- The Security Services area enables you to manage the connection of the remote access point to the controller and the directory: see Managing Security Services.
- The Authentication Manager area enables you to deactivate the display of the Authentication Manager tiles before session opening.
NOTE: This area appears only if Authentication Manager is installed on the remote access point.
Restrictions
- The Actions tab only appears if you have the following advanced administration role: "Access point: Help desk".
- Port 3644 of the remote station must be open.
- To activate the Reboot computer option (Upon actions area), you must set the following registry value to a non-null value: HKLM\SOFTWARE\Enatel\WiseGuard\Console\AllowRemoteReboot (REG_DWORD).
Procedure
- In the tree structure of the Directory panel, select the required access point.
- Click the Actions tab.

NOTE: If the access point cannot be reached or if it does not support the remote analysis, an error message appears.
- The current parameters of the remote access point appear in the tab.
- Perform the necessary actions described below.

NOTE:
- If the EAM security services on the remote access point are stopped, you must wait a few seconds before downloading the compressed files.
- You are advised to collect and download the files for analysis before performing the required actions.
- To download the cache, trace or registry files of the remote access point, go to the Download area of the tab.
- Click Apply.

NOTE: If Authentication Manager is installed on the remote access point, the user session locks and the user must reauthenticate.
Managing the Cache
Managing the cache remotely enables you to:
- Delete cache files linked to the user and the selected access point. The administrator can delete a cache file only linked to a specific user.
- Collect cache files linked to the user and the access point available on the selected access point.
- Deactivate the use of the cache on the selected access point.