Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Managing Traces

Managing traces remotely enables you to:

  • Modify the trace parameters on the selected access point.
  • Collect the trace files from the selected access point.
  • Delete all trace files on the selected access point.

Managing Security Services

Managing security services remotely enables you to:

  • Collect all registry parameters linked to EAM.
  • Define a temporary EAM controller to which the access point must connect.
  • Define a set of temporary directory servers to which the access point must connect.
  • Force the access point to register to the directory.

Displaying access point event logs

Displaying access point event logs

Subject

The Events tab allows you to display all the events that are directly or indirectly linked to the selected object, for a defined period (the last two days by default). This report contains both user actions and administration actions log entries.

If the selected object is a group of access points, an organizational unit or a directory, the default events displayed are only related to the group, organization unit or directory, but the events related to its members are not available.

The Audit population area of the Events tab allows you explicitly mark the group, organization or directory for audit, so that audit events on members of the group, organizational unit or directory are also displayed.

Restriction

The Events tab only appears if you have the following administration role:

  • In classic administration mode: "Auditor".
  • In advanced administration mode, your role must contain the following administration right: "Audit: Visualization".

NOTE: For more information on administration roles, see Section Managing administrators.

Procedure

  1. In the tree structure of the Directory panel, select the wanted access point.
  2. Click the Events tab.
  3. If you have selected a group of access points, an organizational unit or a directory, you can set it as an audit population in the Audit Population area, as explained in Section Defining an audit population.
  4. In the Filter area, set a period of time to filter the log entries and click Apply (for more information on event logs see Section Managing audit events).

    NOTE: To display all the actions performed on this particular access point, select the Include operations performed on this object (may be time consuming) check box.

Updating manually an access point

Subject

Access points on which the cache is enabled are configured to synchronize their data with the directory at a given frequency. These parameters are set in the access point security profile (see Security Services Tab).

If needed, you can update manually cache data on a specific access point.

Restriction

This procedure can only be performed by selecting one access point after the other. It is not possible to select several access points at the same time.

Procedure

  1. In the tree structure of the Directory panel, right-click the wanted access point.
  2. Click Update.
Related Documents