Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Blacklisting and deleting an RFID token

Blacklisting and deleting an RFID token

There are two ways to blacklist and delete an RFID token, as detailed in the following subsections.

NOTE: When an RFID badge is blacklisted from the directory panel, the state of the badge under the user changes to History and the Blacklisted badge is created in the Blacklist directory.
If you delete the Blacklist badge, the History badge still exists. You must delete it to make it disappear.

In this section:

Blacklisting and deleting an RFID token from the Directory panel

Subject

This section describes how to blacklist and delete an RFID token from the Directory panel.

Before starting
  • To perform the task described in this section, you must have at least the following administration role:
    • In classic administration mode: "Smart card administrator".
    • In advanced administration mode, your role must contain the following administration rights: "Token: Blacklist" and "Directory: Browsing".
  • If you have authenticated with a smart card, you must be a "Smart card manager" (this right is granted at card assignation time, in the Administration tab) to be able to perform the task described in this section.

Procedure

  1. Browse the directory tree structure to select the wanted user and click the RFID tab.
    • The list of RFID tokens assigned to this user appears.
  2. Select the RFID token to blacklist and click the Blacklist button.
    • The state of the token changes to History.

  3. To delete it, select it and click the Delete button.
    • The token disappears from the list.

 

Blacklisting and deleting an RFID token from the RFID panel

Subject

This section describes how to blacklist and delete an RFID token from the RFID panel.

Before starting
  • To perform the task described in this section, you must have at least the following administration role:
    • In classic administration mode: "Smart card administrator".
    • In advanced administration mode, your role must contain the following administration rights: "Token: Assignment".
  • If you have authenticated with a smart card, you must be a "Smart card manager" (this right is granted at card assignation time, in the Administration tab) to be able to perform the task described in this section.

Procedure

  1. Modify the RFID filter (optional) and click the Apply button.
    • A list of RFID tokens appears.
  2. Select the RFID token to blacklist and click the Blacklist button.
    • The state of the token changes to Blacklisted.
  3. To delete it, select it and click the Delete button.
    • The token disappears from the list.

 

Modifying the detection areas and the grace period

Definitions

The detection areas

The RFID tokens and the antenna/transceiver are in constant encrypted two-way wireless communication with each other. When an authorized user approaches the workstation, the token unlocks the workstation when the user enters a pre-set detection zone (the unlock area) and allows the user to enter his/her password to log on.

The area starting from the sensor antenna through the limit of the lock range is called the visibility area. In this area, the EAM Controller is able to identify owners of RFID tokens.

When the authorized user moves out of this area, the workstation is automatically secured (the lock area).

The grace period

The grace period allows the user who comes back within the unlock area a few moments after leaving it, to unlock his/her workstation thanks to the RFID token only, without providing his/her password.
Once this period is elapsed, the user must enter his/her password in addition to the RFID token to log on.

Before starting
  • To perform the task described in this section, you must have at least the following administration role:
    • In classic administration mode: "Smart card administrator".
    • In advanced administration mode, your role must contain the following administration rights: "Token: Modification" and "Directory: Browsing".
  • If you have authenticated with a smart card, you must be a "Smart card manager" (this right is granted at card assignation time, in the Administration tab) to be able to perform the task described in this section.

Procedure

Modifying the detection areas

  1. In the tree structure of the Directory panel, select the access point security profile associated with the access points for which you want to modify the detection areas, and click the RFID tab.
    • The tab appears.

  2. Move the sliders to modify the values depending on your needs:
    • The upper slider allows you to define the unlock range.
    • The lower slider defines the lock range.
      It is not possible to set the second value lower than the first one.
  3. Click Apply.

Modifying the grace period

  1. In the Directory panel, select the user security profile associated with the users for whom you want to modify the grace period, and click the Security tab.
    • The tab appears.

  2. Modify the Grace period option.

    NOTE: Setting the grace period to 0 minute is equivalent to clearing the Grace period check box.
  3. Click Apply.
Related Documents