Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Assigning a user security profile to the inbound representative object


You must assign a user security profile to the inbound representative object. When a represented user authenticates on an access point which is not part of his/her domain, his/her profile will be half part of his/her domain, and half part of the domain to which belong the access point.

  • The Security and Self Service Password Request tabs are used to compose the part of the profile belonging to the domain of the user.
  • The Authentication and Unlocking tabs are used to compose the part of the profile belonging to the domain welcoming the user.
Before starting

It is necessary to create the user security profile to assign, as described in Section Managing User Security Profiles.


  1. Click the Security Profiles tab.
    • The Security Profiles tab appears.

  2. To assign another user security profile, click the  button.

    NOTE: Click the  button to display and if needed modify the selected user profile.
  3. Click Apply.

Selecting access points available to the representative


IMPORTANT: The Access Points tab is only available if EAM manages access points ("access point management" mode).

This section describes how to authorize the represented users to log on to access points that are not part of their domain.


  1. Click the Access Points tab.
    • The Access Points tab appears.

  2. Click the Add/Remove buttons to select the access points that you want to make accessible to the selected representative.

    IMPORTANT: The Allow on all access points parameter of the user security profile (see Section, "Authentication Tab") associated with the representative has no effect on the accessibility of access points by the selected representative.
  3. To be more precise on the list of available access points, use the following buttons:
    • Allow/Forbid
      If you have added a group of access points and you wand to forbid one or more access point(s) in this group, use the Allow and Forbid buttons.
    • Modules
      To prevent a representative from accessing some of the software modules installed on the access point (Authentication Manager, EAM Console, Enterprise SSO or SSO Studio), use the Modules button.

Managing outbound representative objects


An outbound representative object represents a set of access points that are not part of the domain the representative belongs to.
You decide which applications of the local domain must be available on these access points. Thus, the users will be able to access applications of their local domain from access points that are not part of their domain.

Before starting

Before starting, check that you meet the following requirements:

  • You must be authorized to access the external domains in which reside the access points to be represented (see Section Managing administrators).
  • To perform the tasks described in this section, you must have at least the following administration role:
    • In classic administration mode: "Security object administrator".
    • In advanced administration mode, your role must contain the following administration right: "User security profile: Creation/Modification" or "Representative: Creation/Modification".

In this section:

Creating/Modifying an outbound representative object


Creating an outbound object

  1. In the tree structure of the Directory panel, right-click the organizational unit that must contain your outbound object, and select New\Representative.
    • The selection window appears.

  2. Click Outbound access and click OK.
    • The outbound object Configuration tab appears.
  3. In the Configuration tab, in the Representative area, type the name of the representative you are creating.
  4. Configure the representative object, as described in the following sections:
  1. Click Apply.
    • The outbound object appears in the directory tree structure.

Modifying an outbound object

  1. In the tree structure of the Directory panel, select the outbound object to modify.
    • The outbound object Configuration tab appears.
  1. Modify the configuration of the representative object, as described in the following sections:

    The outbound object is modified.


Related Documents