
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


Smart card self enrollment

The EAM solution allows you to delegate smart card management to users, so that you do not have to manage smart cards from the EAM console. This is the smart card self-enrollment feature. When a user tries to authenticate with a smart card whose PIN he/she knows but that is not yet assigned, User Access asks for the user's login/password and assigns the card. This assignment does not appear in the console. If needed, the user can register several identities on the same card. This mode is configured in the XML configuration file.

NOTE: Users who may start the EAM console using a smart card cannot use this mode.

For more information on the smart card self-enrollment procedure, see Authentication Manager for Windows User's Guide.

Formatting an assigned smart card

Before assigning a smart card, you must be sure that it is not yet formatted. If it is already assigned to a user, this means that it contains data customized according to the directory where the user is registered. In this case, the smart card must be formatted.

For more information on the smart card formatting procedure, see Section Formatting smart cards.

Managing loan cards

| Task to perform | In classic administration mode, you must have: | In advanced administration mode, you must have: |
|---|---|---|
| Assigning a loan card | "Smart card administrator" and at least "Security object administrator" or "access" or "rights" | "Token configuration: Lending" and "Directory: Browsing" |
| Returning a loan card | "Smart card administrator" and at least "Security object administrator" or "access" or "rights" | "Token configuration: Lending" and "Directory: Browsing" |

Assigning a loan card to a user

Subject

When a user has forgotten or lost his/her smart card, or when it has been stolen, you can assign him/her a loan card. In this case, the user's principal card is deactivated: a user can only have one active card at a time.

NOTE:

  • If the principal card is reformatted or blacklisted, the loan card becomes the principal card.

  • You must have at least one blank smart card and two smart card readers.

Procedure

  1. In the tree structure of the Directory panel, click the user to whom you want to assign a loan card.
  2. In the Smart Card tab, click Lend.
    • The loan card assignment window appears.
  3. Fill in the window as described in Section Assigning smart cards.
    • The loan card appears as Enabled and the principal card state changes to Temporary replaced.

 
