Assigning a user security profile to the inbound representative object
Subject
You must assign a user security profile to the inbound representative object. When a represented user authenticates on an access point which is not part of his/her domain, his/her profile will be half part of his/her domain, and half part of the domain to which belong the access point.
- The Security and Self Service Password Request tabs are used to compose the part of the profile belonging to the domain of the user.
- The Authentication and Unlocking tabs are used to compose the part of the profile belonging to the domain welcoming the user.
Before starting
It is necessary to create the user security profile to assign, as described in Section Managing User Security Profiles.
Procedure
- Click the Security Profiles tab.
- The Security Profiles tab appears.
- To assign another user security profile, click the
button.

|
NOTE: Click the button to display and if needed modify the selected user profile. |
- Click Apply.
Selecting access points available to the representative
Subject
|
IMPORTANT: The Access Points tab is only available if EAM manages access points ("access point management" mode). |
This section describes how to authorize the represented users to log on to access points that are not part of their domain.
Procedure
- Click the Access Points tab.
- The Access Points tab appears.
- Click the Add/Remove buttons to select the access points that you want to make accessible to the selected representative.

|
IMPORTANT: The Allow on all access points parameter of the user security profile (see Section 5.3.2.1, "Authentication Tab") associated with the representative has no effect on the accessibility of access points by the selected representative. |
- To be more precise on the list of available access points, use the following buttons:
- Allow/Forbid
If you have added a group of access points and you wand to forbid one or more access point(s) in this group, use the Allow and Forbid buttons.
- Modules
To prevent a representative from accessing some of the software modules installed on the access point (Authentication Manager, EAM Console, Enterprise SSO or SSO Studio), use the Modules button.
Managing outbound representative objects
Subject
An outbound representative object represents a set of access points that are not part of the domain the representative belongs to.
You decide which applications of the local domain must be available on these access points. Thus, the users will be able to access applications of their local domain from access points that are not part of their domain.
Before starting
Before starting, check that you meet the following requirements:
- You must be authorized to access the external domains in which reside the access points to be represented (see Section Managing administrators).
- To perform the tasks described in this section, you must have at least the following administration role:
- In classic administration mode: "Security object administrator".
- In advanced administration mode, your role must contain the following administration right: "User security profile: Creation/Modification" or "Representative: Creation/Modification".
In this section:
Creating/Modifying an outbound representative object
Procedures
Creating an outbound object
- In the tree structure of the Directory panel, right-click the organizational unit that must contain your outbound object, and select New\Representative.
- The selection window appears.
- Click Outbound access and click OK.
- The outbound object Configuration tab appears.
- In the Configuration tab, in the Representative area, type the name of the representative you are creating.
- Configure the representative object, as described in the following sections:
- Click Apply.
- The outbound object appears in the directory tree structure.
Modifying an outbound object
- In the tree structure of the Directory panel, select the outbound object to modify.
- The outbound object Configuration tab appears.
- Modify the configuration of the representative object, as described in the following sections:
The outbound object is modified.