
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


Deleting a CRL point of distribution or an OCSP responder

Procedure

To delete a CRL distribution point or an OCSP responder, select it from the list and click the Delete button.

  • The deleted CRL distribution point or OCSP responder is removed from the EAM PKA configuration in the domain directory and disappears from the list.

Managing Emergency Accesses

In this section:

Managing the emergency plan

Subject

The emergency plan enables you to allow users to retrieve their password through the EAM portal and receive it by email.

Before starting
  • An "emergency plan" license key must be installed on each EAM Controller and on the administration workstations (on which EAM Console is installed).
  • To activate the emergency plan, you must have the Emergency plan: Activation administration role.
  • To configure the email content, you must be a super administrator.
  • The application must be configured to allow the emailing of passwords: see Defining account properties - Password tab.
  • The emergency plan must be activated in the user security profile: see Security Tab.
  • To enable UTF-8 characters, set the following registry value to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\Directory\SendSSODataInUTF8.

Procedure

  1. In the File menu, click Emergency Plan.
    • The Emergency Plan window appears.

  2. Click the Configure button to set the email content.
  3. Enter the following information:
    • The definition of the LDAP attribute used for the email address. This attribute must be populated for every user.
    • The SMTP server name and a port number if the server does not use port 25 (default port).
    • The sender name.
    • The sender email address (optional).
    • The subject of the message.
    • The content of the email in plain text. The same content is used for all users. You can use the following variables, which are automatically replaced with their values when the email is generated:
      • %USER% => user display name.
      • %ACCOUNT_START%
      • %APP% => application name.
      • %LOGIN% => login.
      • %PWD% => password.
      • %PARAM% => parameter list, such as Name: Value, Name: Value, ...
      • %ACCOUNT_END%
  4. Click OK.
  5. Click Activate then OK.
    • The emergency plan is activated.
  6. To be sure that everybody can access the emergency plan at the end of this procedure, you must force a directory replication.
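The variable list above does not say how %ACCOUNT_START% and %ACCOUNT_END% behave; the following added example (not One Identity's code) renders a constructed template on the assumption that the text between those two markers is repeated once per account, while %USER% is expanded everywhere. Substitution is done in a single pass so that a value containing a literal `%...%` token is never re-expanded.

```python
import re

# Constructed sample template using the variables listed in the guide.
TEMPLATE = """Hello %USER%,

Here are your application credentials:
%ACCOUNT_START%
Application: %APP%
Login: %LOGIN%
Password: %PWD%
Parameters: %PARAM%
%ACCOUNT_END%
Regards, the IT help desk
"""

# Constructed sample data (fictitious user and accounts).
SAMPLE_USER = "Jane Doe"
SAMPLE_ACCOUNTS = [
    {"app": "Payroll", "login": "jdoe", "pwd": "Sample-Pa55", "params": {"Domain": "CORP"}},
    {"app": "CRM", "login": "jane.doe", "pwd": "Sample-Pa56", "params": {}},
]

VAR = re.compile(r"%([A-Z_]+)%")
# Assumption: the block between the two markers is repeated per account.
ACCOUNT_BLOCK = re.compile(r"%ACCOUNT_START%\n?(.*?)%ACCOUNT_END%\n?", re.S)


def substitute(text, values):
    """One pass over the text: unknown tokens stay literal, and substituted
    values are never rescanned (a password containing '%USER%' is kept as-is)."""
    return VAR.sub(lambda m: values.get(m.group(1), m.group(0)), text)


def format_params(params):
    # %PARAM% => "Name: Value, Name: Value" as described in the guide.
    return ", ".join(f"{k}: {v}" for k, v in params.items())


def render_emergency_email(template, user, accounts):
    """Expand the emergency-plan variables for one user and their accounts."""
    common = {"USER": user}
    out, pos = [], 0
    for m in ACCOUNT_BLOCK.finditer(template):
        out.append(substitute(template[pos:m.start()], common))
        for a in accounts:  # repeat the account block once per account
            out.append(substitute(m.group(1), {**common, "APP": a["app"], "LOGIN": a["login"],
                                                "PWD": a["pwd"], "PARAM": format_params(a["params"])}))
        pos = m.end()
    out.append(substitute(template[pos:], common))
    return "".join(out)


def render_sample():
    return render_emergency_email(TEMPLATE, SAMPLE_USER, SAMPLE_ACCOUNTS)
```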

Managing the emergency access

Subject

The emergency access enables you to authorize users to reset their primary password with Authentication Manager or through the EAM portal: the user receives an OTP by SMS and/or email and provides it together with their new password.

Before starting
  • To configure the content of the emails and SMS, you must be a super administrator.
  • The password reset via OTP must be activated in the user security profile: see Self Service Password Request Tab.

Procedure

  1. In the File menu, click Configuration.
    • The Configuration window appears.
  2. Click the SSPR by Confirmation Code tab.
  3. Fill in the tab using the instructions given in the section "SSPR by Confirmation Code" Tab - Description below.
  4. Click OK.
    • The emergency access by Confirmation Code is configured.
"SSPR by Confirmation Code" Tab - Description

  • Confirmation Code area
    • Validity duration: validity duration in minutes of the sent OTP. After that period, the OTP is no longer valid and the user must request a new one.
      Default value: 5 minutes.
    • Length: number of characters of the OTP sent to the user.
      Default value: 8 characters.
  • Mail notifier configuration area
    • User's email address LDAP attribute: the definition of the LDAP attribute used for the email.
    • SMTP Server: SMTP server name to send emails.
    • Port: the port number if the server does not use port 25 (default port).
    • Secure connection using: type of connection to the server: TLS or SSL.
    • Authenticate to SMTP Server as: user name and password used to connect to the email server, if the server requires authentication.
    • Sender's display name: the sender name.
    • Sender's (and reply to) address: email address of the sender (optional).
    • Configure button: click this button to configure the email content. Enter the following information:
      • The subject of the message.
      • The content of the email in plain text. The same content is used for all users. You can use the following variables, which are automatically replaced with their values when the email is generated:
        • %CONFIRMATIONCODE% => OTP sent to the user.
        • %USER% => user display name.

  • SMS notifier configuration area
    • Mobile phone number LDAP attribute: the definition of the LDAP attribute used for the phone number.
    • Configure button: click this button to configure the SMS content. Enter the following information:
      • The server name.
      • The proxy (optional).
      • The content of the SMS and the configuration parameters to provide to the SMS sending server. The same content is used for all users. You can use the following variables, which are automatically replaced with their values when the SMS is generated:
        • %CONFIRMATIONCODE% => OTP sent to the user.
        • %PHONENUMBER% => user phone number.
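The tab only exposes the OTP's validity duration (default 5 minutes) and length (default 8 characters). The added example below (illustrative code, not EAM's implementation) models what those two settings imply for a confirmation-code service: codes are drawn from a CSPRNG, expire after the validity window, are accepted once, and are compared in constant time; the character set and the single-use rule are assumptions not stated by the guide. It also renders the %CONFIRMATIONCODE%, %USER% and %PHONENUMBER% variables into a constructed notification template.

```python
import hmac
import re
import secrets
import string
from datetime import datetime, timedelta, timezone

DEFAULT_VALIDITY_MINUTES = 5   # "Validity duration" default from the tab
DEFAULT_LENGTH = 8             # "Length" default from the tab
ALPHABET = string.digits + string.ascii_uppercase  # assumption: charset not given by the guide


class ConfirmationCodeStore:
    """In-memory issue/verify model of an SSPR confirmation code (illustrative)."""

    def __init__(self, validity_minutes=DEFAULT_VALIDITY_MINUTES, length=DEFAULT_LENGTH):
        self.validity = timedelta(minutes=validity_minutes)
        self.length = length
        self._pending = {}  # user -> (code, expiry); a new request replaces the old code

    def issue(self, user, now):
        code = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        self._pending[user] = (code, now + self.validity)
        return code

    def verify(self, user, submitted, now):
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expiry = entry
        if now > expiry:              # past the validity window: discard, user must request a new one
            del self._pending[user]
            return False
        if hmac.compare_digest(code, submitted):
            del self._pending[user]   # assumption: a code is accepted only once
            return True
        return False


def render_notification(template, values):
    """Expand %CONFIRMATIONCODE%, %USER% or %PHONENUMBER% in an email/SMS template."""
    return re.sub(r"%([A-Z]+)%", lambda m: values.get(m.group(1), m.group(0)), template)


def demo():
    """One issue/verify cycle against a fixed constructed clock; returns the outcomes."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = ConfirmationCodeStore()
    code = store.issue("jdoe", now)
    sms = render_notification("Your code is %CONFIRMATIONCODE% (valid 5 min) for %PHONENUMBER%",
                              {"CONFIRMATIONCODE": code, "PHONENUMBER": "+00 000 000"})
    return {"length": len(code), "sms_has_code": code in sms,
            "wrong_code": store.verify("jdoe", "", now),
            "right_in_time": store.verify("jdoe", code, now + timedelta(minutes=4)),
            "replay": store.verify("jdoe", code, now + timedelta(minutes=4)),
            "expired": store.verify("jdoe", store.issue("jdoe", now), now + timedelta(minutes=6))}
```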
