Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Managing lost or theft smart cards

Managing lost or theft smart cards

Task to perform

In classic administration mode, you must have:

In advanced administration mode, you must have:

Disabling temporarily smart cards

"Smart card administrator" and at least "Security object administrator" or "access" or "rights"

"Token: Modification" and "Directory: Browsing"

Sending smart cards to a blacklist

"Smart card administrator" and at least "Security object administrator" or "access" or "rights"

"Token: Blacklist" and "Directory: Browsing"

In this section:

Disabling/enabling temporarily smart cards

Disabling/enabling temporarily smart cards

Subject

You can temporarily disable a smart card (when a user forgets his/her card, for example). The temporary deactivation allows you to make a smart card disabled but without deleting its assignment.

Procedures

From the Smart Card panel

  1. In the Smart Card panel, click the Reports tab.
  2. In the displayed window, filter if needed the smart cards to display and click Apply.
  3. Select the wanted smart card and click Disable/Enable.
    • The smart card is now disabled.

From the Directory panel

  1. In the tree structure of the Directory panel, select the user for which you want to unlock a smart card.
  2. In the Smart Card tab, click the Disable/Enable button.
    • The smart card is now disabled.

 

Blacklisting smart cards

Blacklisting smart cards

Subject

When a smart card is blacklisted, it is no longer usable. It is possible to remove a card from the black list and to assign/format it again to make it usable again.

NOTE: If the card is removed from the black list from the EAM console, it may not be possible to format it (the PUK is no longer known by EAM); you are advised to format the card whereas it is blacklisted.

Procedures

From the Smart Card panel

  1. In the Smart Card panel, click the Reports tab.
  2. In the displayed window, filter if needed the smart cards to display and click Apply.
  3. Select the wanted smart card and click Blacklist.
    • A confirmation window appears.
  4. Validate information.
    • The smart card is blacklisted.

From the Directory panel

  1. In the tree structure of the Directory panel, select the user for which you want to blacklist a smart card.
  2. Select the wanted smart card and click the Blacklist button.
    • A confirmation window appears.
  3. Validate information.
    • The smart card is blacklisted.

      NOTE: To get more information on the administrator who performed this operation and the date when it occurs, just click the Blacklist tab.

Assigning a loan card

Assigning a loan card

When a user has forgotten, lost his/her smart card or when his/her smart card has been stolen, you can assign him/her a loan card. In this case, the principal card of the user is deactivated: a user can only have one active card at a time. The assignment procedure is described in Section Modifying authentication parameters of an assigned smart card.

Related Documents