Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Returning a loan card

Returning a loan card

From the Directory panel

  1. In the tree structure of the Directory panel, select the user for which you want to return loan card.
    • In the Smart Card tab, select the loan card to return and click Return.
  2. Select the smart card to return and click Return.
    • The formatting window appears.
  3. Fill in the window as described in Formatting smart cards.
    • Once the smart card is formatted, its state switches to Old card and the principal card becomes Enabled. The user can authenticate using his/her principal card again.

From the Smart Card panel

  1. In the Smart Card panel, click the Reports tab.
  2. Set the filter type (Type area of the Filter area) to temporary and the search root if needed and click Apply.
    • The window shows the list of smart card owners:

  3. Select the smart card to return and click Return.
    • The formatting window appears.
  4. Fill in the window as described in Section Formatting smart cards.
    • Once the smart card is formatted, its state switches to Old card and the principal card becomes Enabled. The user can authenticate again using his/her principal card.

Unlocking smart cards

Unlocking smart cards

Subject

A smart card can be locked for many reasons:

  • PIN forgotten.
  • Maximum number of attempts exceeded.
  • Validity period of the smart card expired.

To unlock it, several solutions are available depending on the cases, as shown in the following illustration:

The following sections describe the different methods that can be used to unlock smart cards from the Directory panel and from the Smart Card panel.

Task to perform

In classic administration mode, you must have:

In advanced administration mode, you must have:

Unlocking to Forcing PIN

"Smart card administrator"

"Token: Force PIN"

Unlocking by secret code

"Smart card administrator" and at least "Security object administrator" or "access" or "rights"

"Token: Modification" and "Directory: Browsing"

Unlocking by SSPR

"Smart card administrator" and at least "Security object administrator" or "rights" or "SSO Data Recover"

"Self Service Password Request: Answer deletion", "Self Service Password Request: Challenge generation" and "Self Service Password Request: Reset attempt counter".

Unlocking to extend the validity of smart cards

"Smart card administrator"

"Token: Modification"

In this section:

Setting administrator's contact information

Setting administrator's contact information

Subject

By default, when the end user locks his/her smart card, an information message appears telling him/her to contact the administrator. You can complete this message with more details on the contact, according to the following descriptions:

Procedure

  1. In the File menu, click Configuration.
    • The configuration window appears.
  2. Fill-in the General tab with any contact information useful to the end user (as the name, phone number or email address of the administrator).
  3. Click OK.

    The information message is completed with the following line: "Your contact is <information you entered in the General tab>".

Unlocking to Forcing PIN

Unlocking to Forcing PIN

Subject

You can force a new PIN to unlock the smart card of a user who has lost his/her code or exceeded the maximum number of login attempts.

Procedure

  1. In the Smart Card panel, click the button located in the tool bar.
    • The PIN code generation window appears.

  2. If necessary, insert the wanted smart card in the smart card reader.
  3. Either click Generate to create a random new PIN, or enter it manually in the New PIN Code field.
  4. Click Force.
    • The PIN is changed.
Related Documents