
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


Correspondence between profiles and administration rights

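The following table lists all the predefined administration profiles (in classic administration mode) and their corresponding administration rights in advanced administration mode.

| Advanced administration mode: administration right name (rows) / Classic administration mode: administration profile name (columns) | Access administrator | Application administrator | Access point administrator | Security policy administrator | Smart card administrator | User administrator | Infrastructure administrator | File Encryption administrator | SSO account administrator | Auditor | Helpdesk operator | Authorize propagation of administration rights |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Temporary password access: Creation |  |  |  |  |  |  |  |  |  |  | X |  |
| Temporary password access: Change duration |  |  |  |  |  |  |  |  |  |  |  |  |
| Temporary password access: Deletion |  |  |  |  |  |  |  |  |  |  | X |  |
| Directory: Browsing | X | X | X | X | X | X | X | X | X |  |  |  |
| Application: Audit filter assignment |  | X |  | X |  |  |  |  |  |  |  |  |
| Application: Creation/Modification |  | X |  | X |  |  |  |  |  |  |  |  |
| Application: Manage all applications |  | X |  |  |  |  |  |  |  |  |  |  |
| Application: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Audit: Visualization |  |  |  |  |  |  |  |  |  | X |  |  |
| Authorization to use application: Creation/Modification | X |  |  | X |  |  |  |  |  |  |  |  |
| Authorization to use application: Deletion | X |  |  | X |  |  |  |  |  |  |  |  |
| Authorization for user on access point: Creation/Modification |  |  | X | X |  |  |  |  |  |  |  |  |
| Authorization for user on access point: Deletion |  |  | X | X |  |  |  |  |  |  |  |  |
| Authorization for application on access point: Creation/Modification |  |  | X | X |  |  |  |  |  |  |  |  |
| Authorization for application on access point: Deletion |  |  | X | X |  |  |  |  |  |  |  |  |
| PKA authority. Creation/Modification |  |  |  | X |  |  | X |  |  |  |  |  |
| PKA authority. Deletion |  |  |  | X |  |  | X |  |  |  |  |  |
| Audit database: Management |  |  |  |  |  |  |  |  |  | X |  |  |
| Bio: Display user data |  |  |  |  |  |  |  |  |  |  |  |  |
| Bio: Is enable to allow biometrics pattern enrollment |  |  |  |  |  |  |  |  |  |  |  |  |
| Token: Assignment |  |  |  |  | X |  |  |  |  |  |  |  |
| Token: Force PIN |  |  |  |  | X |  |  |  |  |  |  |  |
| Token: Formatting |  |  |  |  | X |  |  |  |  |  |  |  |
| Token: Blacklist |  |  |  |  | X |  |  |  |  |  |  |  |
| Token: Modification |  |  |  |  | X |  |  |  |  |  |  |  |
| Token: Lending |  |  |  |  | X |  |  |  |  |  |  |  |
| File Encryption key Generation |  |  |  |  |  |  |  | X |  |  |  |  |
| Account: Creation/Modification | X |  |  | X |  |  |  |  | X |  |  |  |
| Account: Manage parameters |  |  |  |  |  |  |  |  | X |  |  |  |
| Account: Deletion | X |  |  | X |  |  |  |  | X |  |  |  |
| Token configuration: Creation/Modification |  |  |  |  | X |  |  |  |  |  |  |  |
| Token configuration: Deletion |  |  |  |  | X |  |  |  |  |  |  |  |
| Technical reference: Creation/Modification |  | X |  | X |  |  |  |  |  |  |  |  |
| Technical reference: Deletion |  | X |  | X |  |  |  |  |  |  |  |  |
| Roaming: Delete user's sessions |  |  |  |  |  |  |  |  |  |  |  |  |
| Audit filter: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Audit filter: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Cluster: Creation/Modification |  |  |  |  |  |  |  |  |  |  |  |  |
| Cluster: Remove |  |  |  |  |  |  |  |  |  |  |  |  |
| Time slice: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Time slice: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Batch of cards: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Batch of cards: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Parameter: Creation/Modification | X | X |  | X |  |  |  |  |  |  |  |  |
| Parameter: Deletion | X | X |  | X |  |  |  |  |  |  |  |  |
| Password format control policy: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Password format control policy: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Password generation policy: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Password generation policy: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Group policy: Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Group: Modifying members |  |  |  |  |  |  |  |  |  |  |  |  |
| Administration profile: Audit filter assignment |  |  |  | X |  |  |  |  |  |  |  |  |
| Administration profile: Creation/Modification |  |  |  |  |  |  |  |  |  |  |  |  |
| Administration profile: Delegation |  |  |  |  |  |  |  |  |  |  |  | X |
| Administration profile: administration rights manager |  |  |  |  |  |  |  |  |  |  |  |  |
| Administration profile: Deletion |  |  |  |  |  |  |  |  |  |  |  |  |
| Application profile: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Application profile: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Access point security profile: Assignment |  |  |  | X |  |  |  |  |  |  |  |  |
| Access point security profile: Audit filter assignment |  |  |  | X |  |  |  |  |  |  |  |  |
| Access point security profile: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| Access point security profile: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| User Security Profile: Assignment |  |  |  | X |  | X |  |  |  |  |  |  |
| User Security Profile: Audit filter assignment |  |  |  | X |  | X |  |  |  |  |  |  |
| User Security Profile: Creation/Modification |  |  |  | X |  |  |  |  |  |  |  |  |
| User Security Profile: Deletion |  |  |  | X |  |  |  |  |  |  |  |  |
| Reporting: Administration |  |  |  |  |  |  |  |  |  | X |  |  |
| Reporting: Creation/Modification |  |  |  |  |  |  |  |  |  | X |  |  |
| Reporting: Model import |  |  |  |  |  |  |  |  |  | X |  |  |
| Reporting: Report deletion |  |  |  |  |  |  |  |  |  | X |  |  |
| Reporting: Model deletion |  |  |  |  |  |  |  |  |  | X |  |  |
| Reporting: View reports |  |  |  |  |  |  |  |  |  | X |  |  |
| Representative: Creation/Modification |  |  |  | X |  |  | X |  |  |  |  |  |
| Representative: Deletion |  |  |  | X |  |  | X |  |  |  |  |  |
| User role. Creation/Modification | X |  |  | X |  |  |  |  |  |  |  |  |
| User role. Deletion | X |  |  | X |  |  |  |  |  |  |  |  |
| Self Service Password Request: Challenge generation | X |  | X | X | X |  |  | X |  |  | X | X |
| Self Service Password Request: Reset attempt counter | X |  |  | X |  |  |  | X |  |  | X |  |
| Self Service Password Request: Deleting answers | X |  | X | X | X |  |  | X |  |  | X | X |
| User: Modification |  |  |  | X |  | X |  |  |  |  |  |  |
| User: Modifying password |  |  |  |  |  | X |  |  |  |  | X |  |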

Report Models and Parameters List


Report List

The following table lists the report models provided by One Identity, with their descriptions and their respective parameters.

| ID | Category | Name | Description | Mandatory (M)/Optional (O) parameters |
| --- | --- | --- | --- | --- |
| 101 | Activity | Granted accesses | List of granted accesses, i.e. user accesses for which primary authentication is successful | Begin Date (M); End Date (M); User custom group (O); User custom group file (O); Authentication method name (O) |
| 102 | Activity | Primary password changes | Users' primary password change events | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 103 | Activity | Emergency access usage | Users who answered emergency access questions, i.e. users who used SSPR | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 104 | Activity | Account creations | List of users who collected their SSO accounts | Begin Date (M); End Date (M); Application (O); User custom group (O); User custom group file (O) |
| 105 | Activity | Authentication methods statistics | Number of primary authentications for each method | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 106 | Activity | Primary password changes stats | Users' primary password change statistics | Begin Date (O); End Date (O); User custom group (O); User custom group file (O) |
| 107 | Activity | SSO operations statistics | Top X applications that made the most SSO operations | Begin Date (M); End Date (M); Top N (O) => Integer (>0); User custom group (O); User custom group file (O) |
| 108 | Activity | E-SSO users enrolments | Statistics on users who authenticated to E-SSO | Begin Date (O); End Date (O); User custom group (O); User custom group file (O) |
| 109 | Activity | Roaming sessions | List of roaming sessions, ended and still active | User custom group (O); User custom group file (O) |
| 110 | Activity | Application activity | Activity of an application, i.e. SSO audit events for an application | Begin Date (M); End Date (M); Application (M); User custom group (O); User custom group file (O) |
| 111 | Activity | Delegated cluster activity | Activity of a delegated cluster, i.e. audit events of session delegations related to a computer contained in the delegated cluster | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 112 | Activity | Audit load balancing | Load balancing between servers | Begin Date (M); End Date (M) |
| 113 | Activity | Failed accesses | List of failed accesses, i.e. users' primary authentications that failed | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 114 | Activity | Delegation changes | List of delegation changes, i.e. changes in user account delegations | Begin Date (M); End Date (M); User custom group (O); User custom group file (O); Application (O) |
| 115 | Activity | Multi-user access points | List of multi-user access points, i.e. access points where several user connections exist | Begin Date (M); End Date (M); Access point custom group (O); Access point custom group file (O) |
| 201 | Snapshot | Emergency access collection | List of users who registered answers to emergency access | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 202 | Snapshot | Application accesses | List of effective users' accesses to applications | Begin Date (M); End Date (M); User custom group (O); User custom group file (O); Application (O) |
| 203 | Snapshot | Shared accounts | Shared accounts | Application (O) |
| 204 | Snapshot | Delegated accounts | List of delegated accounts currently delegated | User custom group (O); User custom group file (O); Application (O) |
| 205 | Snapshot | Users access rights | List of users' authorized applications and accounts | User custom group (O); User custom group file (O); Application (O) |
| 206 | Snapshot | Administrators | List of administrators, i.e. users with administration profiles | User custom group (O); User custom group file (O) |
| 207 | Snapshot | E-SSO users | List of users who authenticated to E-SSO | User custom group (O); User custom group file (O) |
| 208 | Snapshot | Tokens | List of users having a permanent smartcard | Begin Date (O); End Date (O); User custom group (O); User custom group file (O) |
| 209 | Snapshot | Temporary tokens | List of users having a temporary smartcard | Begin Date (O); End Date (O); User custom group (O); User custom group file (O) |
| 210 | Snapshot | RFID badges | List of users having RFID badges | Begin Date (O); End Date (O); User custom group (O); User custom group file (O) |
| 212 | Snapshot | Biometrics | List of users having biometrics, i.e. users having enrolled their fingerprints | Begin Date (O); End Date (O); User custom group (O); User custom group file (O) |
| 213 | Snapshot | Mobiles | List of users having enrolled a mobile | Begin Date (O); End Date (O); User custom group (O); User custom group file (O) |
| 214 | Snapshot | Installed computers | List of installed computers | Begin Date (O); Access point custom group (O); Access point custom group file (O); Version (O) |
| 215 | Snapshot | Application accounts | List of application accounts, i.e. accounts managed by E-SSO per application | User custom group (O); User custom group file (O); Application (O) |
| 216 | Snapshot | User accounts | List of user accounts | User custom group (O); User custom group file (O); Application (O); User (O) |
| 217 | Snapshot | Defined application accesses | List of user accesses defined for an application | User custom group (O); User custom group file (O); Application (O) |
| 218 | Snapshot | Clusters | List of clusters | No parameter |
| 219 | Snapshot | Cluster delegations | List of cluster delegations | No parameter |
| 220 | Snapshot | Policy snapshot | Snapshot of the E-SSO policy with: user and access points policies, PFCP, PGP, ... | No parameter |
| 221 | Snapshot | Reports | List of reports and downloads | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 223 | Snapshot | Session delegations | List of session delegations | User custom group (O); User custom group file (O) |
| 224 | Snapshot | Non collected SSO accounts | List of not collected SSO accounts, i.e. users that have some application accesses defined, but for which no account has been attributed | Application (O); User custom group (O); User custom group file (O) |
| 225 | Snapshot | Mobiles per OS | List of mobiles per OS | Begin Date (O); User custom group (O); User custom group file (O); OS (O) |
| 301 | Risk | Primary password reset | List of users' primary password resets from UAS console | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 302 | Risk | Users with no activity | Users with no activity | Begin Date (M); User custom group (O); User custom group file (O) |
| 303 | Risk | Access points with no activity | Access points having no activity | Begin Date (M); Access point custom group (O); Access point custom group file (O); User custom group (O); User custom group file (O) |
| 304 | Risk | Unused SSO accounts | Unused SSO accounts, i.e. SSO accounts not present in audit logs | Begin Date (M); User custom group (O); User custom group file (O) |
| 305 | Risk | Audit removal | List of all access points where the audit cache file was removed | Begin Date (M); End Date (M); Access point custom group (O); Access point custom group file (O) |
| 306 | Risk | Access point failed access | List of non-allowed access attempts: unauthorized access points or unauthorized periods | Begin Date (M); End Date (M); Access point custom group (O); Access point custom group file (O); User custom group (O); User custom group file (O) |
| 307 | Risk | Users with password not changed | List of users who did not change their primary password | Begin Date (M); User custom group (O); User custom group file (O) |
| 308 | Risk | Users with password change | List of users who changed their primary password | Begin Date (M); User custom group (O); User custom group file (O) |
| 309 | Risk | Temporary password accesses | List of current users with temporary password accesses | User custom group (O); User custom group file (O) |
| 310 | Risk | Application unused SSO accounts | List of SSO accounts not used and ordered by application | Begin Date (M); User custom group (O); User custom group file (O); Application (O) |
| 311 | Risk | Unknown SSO application accounts | List of application accounts not enrolled in the SSO | Application (M); Account custom group file (M) |
| 312 | Risk | Applications with no activity | List of applications with no activity, i.e. applications that do not appear in audit logs | Begin Date (M) |
| 313 | Risk | Users administration profiles | List of changes in users' administration profiles | Begin Date (M); End Date (M); User custom group (O); User custom group file (O) |
| 314 | Risk | SSO accounts without application access | List of SSO accounts that have no application access, ordered by application | User custom group (O); User custom group file (O); Application (O) |
| 401 | Surveillance | Access point activity | Activity of an access point, i.e. all its audit events | Begin Date (M); End Date (M); Access Point (M) |
| 402 | Surveillance | User authentication activity | Authentication activity related to a user, i.e. only his/her authentication events | Begin Date (M); End Date (M); User (M) |
| 403 | Surveillance | User SSO activity | Activity of a user, i.e. only his/her SSO events | Begin Date (M); End Date (M); User (M) |
| 404 | Surveillance | User administration activity | Administration activity related to a user, i.e. only his/her administration events | Begin Date (M); End Date (M); User (M) |
| 405 | Surveillance | User activity | Activity of a user, i.e. all his/her audit events | Begin Date (M); End Date (M); User (M) |
| 406 | Surveillance | Cluster activity | Activity of a cluster, i.e. audit events of computers belonging to the cluster | Begin Date (M); End Date (M); Cluster (M) |
| 407 | Surveillance | Unknown users | List of unknown users, i.e. users who have not used ESSO | User custom group (O); User custom group file (O) |
| 408 | Surveillance | Unknown access points | List of all computers where no product is installed | Access point custom group (O); Access point custom group file (O) |
Parameter Description

The following table describes the parameters listed in Report List.

NOTE: The mandatory parameters appear in bold in the generation request creation wizard.

| Parameter | Type | Description |
| --- | --- | --- |
| Begin Date | Date | Report period begin date. You can choose a date with the calendar. |
| End Date | Date | Report period end date. You can choose a date with the calendar. |
| User custom group file | String | Parameter used to select, among the available pre-configured CSV files, the input CSV file used to group users by custom groups. Example: the users can be grouped by organizational entity, country, continent etc. For more information, see Creating Custom Groups. |
| User custom group | String | Parameter used to filter data on user custom group. Example: the users can be grouped by organizational entity, country, continent etc. The available values are suggested. You can also insert: a pattern such as AF% for all the groups starting with AF; a unique value such as UNITED STATES; multiple values such as 'UNITED STATES', 'AMERICA'. Each value must be set between simple quotes (') and separated by a comma (,). |
| Access point custom group file | String | Parameter used to select, among the available pre-configured CSV files, the input CSV file used to group the access points by custom groups. Example: the access points can be grouped by organizational entity, building, location etc. For more information, see Creating Custom Groups. |
| Access point custom group | String | Parameter used to filter data on access point custom group. Example: the access points can be grouped by organizational entity, building, location etc. The available values are suggested. You can also insert: a pattern such as AF% for all the groups starting with AF; a unique value such as UNITED STATES; multiple values such as 'UNITED STATES', 'AMERICA'. Each value must be set between simple quotes (') and separated by a comma (,). |
| Account custom group file | String | Parameter used to select, among the available pre-configured CSV files, the input CSV file used to group accounts by custom groups. Example: the accounts can be grouped by application. For more information, see Creating Custom Groups and Custom Group Files Format. |
| Account custom group | String | Parameter used to filter data on account custom group. Example: the accounts can be grouped by application. The available values are suggested. You can also insert: a pattern such as AF% for all the groups starting with AF; a unique value such as LOTUS; multiple values such as 'LOTUS', 'OFFICE'. Each value must be set between simple quotes (') and separated by a comma (,). |
| Authentication method name | String | Parameter used to filter on token class name. The authentication methods are suggested. |
| Application | String | Parameter used to filter data on an application. Use the corresponding button to select the filter. |
| User | String | Parameter used to filter data for a user. Use the corresponding button to select the filter. |
| Access point | String | Parameter used to filter data for an access point. An access point can be a workstation or a mobile device. Use the corresponding button to select the filter. |
| Cluster | String | Parameter used to filter data for a cluster. Use the corresponding button to select the filter. |
| Version | String | Parameter used to filter data for a version. The version parameter used for the report regarding the workstation list depends on the software installed on these stations. Value examples for EAM Control, Enterprise SSO, Enterprise Studio and EAM Security: 8.00b0002, 800b0005, 8b00b0007, 9.00b0000. |
| OS | String | Parameter used to filter data on an OS. OS example for mobile devices: Android, iOS. |
| Top N | Integer | Parameter used to display the N first objects. |

 
