
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


Defining the set of access points to represent

Subject

You must select the external access points that you want to be represented by the representative object.

Procedure

In the Configuration tab, in the Represented population area, use the Add and Remove buttons to choose the access points of external domains that you want to be represented by the representative.

In "no-access-point-management" mode, the represented population is the entire population of a specific domain. It is not possible to expand the subtree of objects in a domain.

 

Selecting applications available to the representative

Subject

This section describes how to authorize the represented access points to log on to applications that are not part of their domain.

Before starting

The software corresponding to the application object must be installed on the access point.

Procedure

  1. Click the Available Applications tab.
    • The Available Applications tab appears.

  2. Click the Add/Remove buttons to select the application that you want to make accessible from external access points.
  3. To provide more details on the list of available applications, use the following buttons:
    • Allow/Forbid
      If you have added a group of applications and you want to forbid one or more applications in this group, use the Allow and Forbid buttons.
    • Propagation method
      If you want to specify an application using the SSO propagation method, you must indicate a technical reference. The technical reference specified on the application is used by default, based on the descriptions in Section Defining the Single Sign-On properties of an application (SSO).

 

Displaying representative event logs

Subject

The Events tab allows you to display all the events that are directly or indirectly linked to the selected object, for a defined period (the last two days by default). This report contains records of both user actions and administration actions.

Restriction

The Events tab only appears if you have the following administration role:

  • In classic administration mode: "Auditor".
  • In advanced administration mode, your role must contain the following administration right: "User security profile: Creation/Modification" or "Audit: Visualization".

NOTE: For more information on administration roles, see Section Managing administrators.

Procedure

  1. In the tree structure of the Directory panel, select the representative to audit.
  2. Click the Events tab.
    • The Events tab appears.

  3. In the Filter area, set a period of time to filter the log entries and click Apply (for more information on event logs see Section Managing audit events).

Renaming representative objects

Before starting

To perform the task described in this section, you must have the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration right: "Representative: Creation/Modification".

Procedure

  1. In the tree structure of the Directory panel, right-click the representative object to rename and select Rename.
  2. Type the new name of the object and press Enter.