Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Exporting a list of RFID tokens

Subject

You can export a list of the RFID tokens used in your company at any time, for example to create reports. The generated files use the comma-separated values (CSV) format, which is particularly useful for exchanging data between databases and spreadsheet software such as Microsoft Excel or Business Objects Crystal Reports.

Before starting

To perform the task described in this section, you must have at least the following administration role:

  • In classic administration mode: "Smart card administrator".
  • If you have authenticated with a smart card: "Smart card manager" (this right is granted at card assignment time, in the Administration tab).

Procedure

  1. In the RFID panel, filter the entries that you want to export and click Apply.
    • The list of tokens appears.
  2. Click the Export button and, in the window that appears, select the location where the file is to be saved.

Managing biometrics

IMPORTANT: Workstations using biometrics must be equipped with an EAM-compliant biometric reader. For more information on the supported biometric devices, see the One Identity EAM Release Notes.

Subject

EAM Console allows you to manage the biometric enrollment of users.

Biometric mechanisms

EAM supports three modes to authenticate users with their biometric data.

The chosen mechanism must be selected in the directory from the two following objects:

  • In the access point security profile configuration: see Section Security Services Tab.
  • In the user security profile configuration: see Section Authentication Tab.

"Store on PC" mode

The user's biometric data and LDAP password are stored in the workstation's local cache. This data is protected by the EAM Client and by the administration rights set for the workstation.
The user must enroll on each workstation he/she wants to use.

"Store on card" mode

The user's biometric data and the PIN of the smart card are stored in the public area of the smart card, protected by the EAM Client. The user enrolls his/her biometric data once and carries this data on his/her smart card.

"Store on server" mode

The biometric data of the user is centralized by the EAM Controller and stored in the directory. To use this mode, an EAM Controller must be available to enable the authentication of the user.
The users enroll their biometric data once by typing their name and password before placing their fingerprints on the scanner. Then they can connect to every workstation of the EAM forest without having to enroll their biometric data on each workstation they use.
On every workstation on which the user authenticates, a local cache is created, as in the "Store on PC" mode: the EAM Controller retrieves biometric data from the directory to store it in this cache.

Interface design

To manage the biometric enrollment, you will use the following administration panels:

  • The Biometrics panel, which allows you to display and export the list of users who have enrolled their biometric data.

    NOTE: To enroll a user’s fingerprints directly on your workstation, you can click or the Biometrics menu and select Start Scan Assistant. The biometric enrollment wizard starts.

  • The Directory panel, which allows you to manage biometric enrollment in the user security profile, and for a specific user. It also allows you to configure biometric parameters in the access point profile.

Defining the biometric enrollment policy

Defining the user biometric profile

You define the biometric enrollment policy in the user security profile, as explained in Section Biometrics Tab.
