
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


CREATE_ACCESS

Definition

This command creates an access, which allows a user to access an application.

Syntax

CREATE_ACCESS(appName,userName,userType,accountType,
appProfile_Name,roleName,dynamicAccount)

Examples
  • In a simple configuration, you can type the following command to allow the user jSmith to access the acmeApp application:

    CREATE_ACCESS(acmeApp,jSmith,USER,STANDARD,DEFAULT,NOROLE,FALSE)

  • If you want to allow jSmith to access acmeApp with the Vendor role, type:

    CREATE_ACCESS(acmeApp,jSmith,USER,STANDARD,DEFAULT,Vendor,FALSE)

  • The following command allows the group of users tinyGroup who uses a shared account to access acmeApp:

    CREATE_ACCESS(acmeApp,tinyGroup,USER,SHARED,DEFAULT,NOROLE,FALSE)

CREATE_ACCOUNT

Definition

This command allows you to create an account, which allows a user to log on to an application.

Syntax

CREATE_ACCOUNT(accountType,userName,appName,roleName,
accountOwner,loginName,Password)

Where:

  • accountType: Account type. This argument takes one of the following values (in uppercase letters):
      • STANDARD: standard account.
      • SHARED: the account is shared between several users who belong to the same group of users.
  • userName: Depending on the accountType value, userName refers to a different object:
      • If accountType = STANDARD, enter the name of a user as it appears in E-SSO Console.
      • If accountType = SHARED, enter the name of a group of users.
  • appName: Application name as it is declared in EAM Console.
  • roleName: If the user uses several accounts to log on to the application, enter the name of the role associated with the required account. If the user has only one account, enter NOROLE.
  • accountOwner:
      • If accountType = SHARED, enter the name of the account owner.
      • If accountType = STANDARD, enter NOVALUE.
  • loginName: Login name value.
  • Password: Password value.

Examples
  • To create a standard account for jSmith and the acmeApp application:

    CREATE_ACCOUNT(STANDARD,jSmith,acmeApp,NOROLE,NOVALUE,LoginName,Password)

  • To create a shared account for the group of users tinyGroup (which is owned by user admin) and the acmeApp application, enter:

    CREATE_ACCOUNT(SHARED,tinyGroup,acmeApp,NOROLE,admin,LoginName,Password)

CREATE_COMPUTER_ACCOUNT

Subject

This command allows you to create a Windows generic account, which you can associate with an access point. Once the association is performed, all the users connecting to this access point can open a Windows session with this specific Windows generic account.

For more information, see Assigning a generic account to an access point.

Syntax

CREATE_COMPUTER_ACCOUNT(computerName,loginName,Password,
windowsAccount,genericAccount)

Where:

  • computerName: Computer name as it is declared in EAM Console.
  • loginName: Login name value (DOMAIN\login or computer name\login).
  • Password: Password value.
  • windowsAccount: TRUE or FALSE: the user can open other Windows account sessions.
  • genericAccount: TRUE or FALSE: the generic account session is never locked automatically.

Example

CREATE_COMPUTER_ACCOUNT(MyComputer,MyDomain\JohnDoe,Password0,TRUE,TRUE)

Importing script files

Before starting

A text file containing the script commands must be created and saved as a WGS file.
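
A pre-import check for such a WGS file, as an added Python example that is not part of the guide or the product: it validates the three commands documented above against their stated argument rules and counts the commands that carry a cleartext password, so the file can be handled as a secret. It assumes arguments contain no commas or parentheses; `lint_wgs` and the sample script are constructed for illustration.

```python
import re

# Argument counts taken from the Syntax lines in this guide.
ARITY = {"CREATE_ACCESS": 7, "CREATE_ACCOUNT": 7, "CREATE_COMPUTER_ACCOUNT": 5}
# Assumption: arguments never contain commas or parentheses.
CALL = re.compile(r"([A-Z_]+)\s*\(([^()]*)\)")

def lint_wgs(text):
    """Return (findings, secret_count) for the text of a WGS script."""
    findings, secret_count = [], 0
    for m in CALL.finditer(text):
        cmd = m.group(1)
        args = [a.strip() for a in m.group(2).split(",")]
        line = text.count("\n", 0, m.start()) + 1
        if cmd not in ARITY:
            continue  # command not described in this section
        if len(args) != ARITY[cmd]:
            findings.append((line, f"{cmd}: expected {ARITY[cmd]} arguments, got {len(args)}"))
            continue
        if cmd == "CREATE_ACCOUNT":
            secret_count += 1  # last argument is a cleartext password
            acc_type, owner = args[0], args[4]
            if acc_type not in ("STANDARD", "SHARED"):
                findings.append((line, "accountType must be STANDARD or SHARED"))
            elif (acc_type == "STANDARD") != (owner == "NOVALUE"):
                findings.append((line, f"accountOwner {owner!r} is invalid for {acc_type}"))
        elif cmd == "CREATE_COMPUTER_ACCOUNT":
            secret_count += 1  # third argument is a cleartext password
            if "\\" not in args[1]:
                findings.append((line, "loginName must be DOMAIN\\login or computer name\\login"))
            for name, value in zip(("windowsAccount", "genericAccount"), args[3:]):
                if value not in ("TRUE", "FALSE"):
                    findings.append((line, f"{name} must be TRUE or FALSE"))
    return findings, secret_count

# Constructed sample script (not from the guide); lines 2 and 4 are deliberately wrong.
SAMPLE = "\n".join([
    "CREATE_ACCESS(acmeApp,jSmith,USER,STANDARD,DEFAULT,NOROLE,FALSE)",
    "CREATE_ACCOUNT(STANDARD,jSmith,acmeApp,NOROLE,admin,LoginName,Password)",
    "CREATE_ACCOUNT(SHARED,tinyGroup,acmeApp,NOROLE,admin,LoginName,Password)",
    "CREATE_COMPUTER_ACCOUNT(MyComputer,JohnDoe,Password0,TRUE,YES)",
])

if __name__ == "__main__":
    findings, secret_count = lint_wgs(SAMPLE)
    for line, message in findings:
        print(f"line {line}: {message}")
    print(f"{secret_count} command(s) embed a cleartext password")
```
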

Procedure
  1. In the Script Editor window, click Import.
  2. In the displayed window, select the required WGS file and click Open.
    • The content of the file appears in the Script Editor window, as in the following example:
