Subject |
This guide explains how to configure and use QRentry to control, from your mobile device, the access to your:
| ||||||
Audience |
This guide is intended for:
| ||||||
Required Software | EAM 9.0 evolution 2 and later versions. For more information about the versions of the required operating systems and software solutions quoted in this guide, please refer to One Identity EAM Release Notes. | ||||||
Typographical Conventions |
Bold Indicates:
| ||||||
Italics - Indicates references to other guides. | |||||||
Code - Indicates portions of program codes, command lines or messages displayed in command windows. | |||||||
CAPITALIZATI ON Indicates specific objects within the application (in addition to standard capitalization rules). | |||||||
< > Identifies parameters to be supplied by the user. | |||||||
Legend
| |||||||
Documentation support | The information contained in this document is subject to change without notice. As our products are continuously enhanced, certain pieces of information in this guide can be incorrect. Send us your comments or suggestions regarding the documentation on the One Identity support website. |
With the advent of mobile devices, our work habits have changed. Indeed, more and more enterprise applications must be accessed through mobile platforms. Users want to access their computers easily without having to remember several different passwords.
To help them access their computer(s) and enterprise applications easily with different security levels (PIN, biometrics), One Identity has created an application for mobile devices: QRentry.
QRentry makes access to your Web enterprise applications and to your computer(s) easier, allowing you to launch your applications without having to sign-in and to authenticate on your computer with your mobile device at all times. By protecting local administrator accounts, QRentry securely manages technical interventions on employees’ computers, with the required traceability.
|
NOTE: In this guide, the term mobile device designates smartphones and/or tablets. |
QRentry enables you to access your applications with your mobile device. Your applications are launched in an integrated web browser without having to sign-in.
You can also store personal notes containing Wi-Fi, license keys or other application passwords to access personal applications.
For more information, see Using Enterprise SSO for Mobile Devices.
|
NOTE: To use E-SSO on your mobile devices and all the associated features described in the section above, you must own the corresponding license. For more information, please contact your One Identity marketing representative. |
For more information, see Using QRentry Authentication Manager.
|
IMPORTANT: To use QRentry Authentication Manager on your mobile devices and all the associated features described in the section above, you must own the corresponding license. For more information, please contact your One Identity marketing representative. |
Every computer has a local administrator account: this account is automatically created upon the installation of the Windows operating system. This all-powerful account deserves special attention in any corporate systems, as it may have potentially access on every file and application on the network.
In many cases, multiple users can have access to the local administrator account. It is thus impossible to identify the actual person using this account.
QRentry helps you secure and improve the control of the local administrator account in your network:
For more information, see Using QRentry Authentication Manager.
|
IMPORTANT: To use QRentry Authentication Manager on your mobile devices and all the associated features described in the section above, you must own the corresponding license. For more information, please contact your One Identity marketing representative. |
The QRentry authentication process relies on the use of 2048-bit RSA private/public key pair. Each key pair is associated with a user and/or a set of computers. The public key is stored in the directory. The private key is securely stored on the mobile device and optionally sequestered in the directory.
The following schema shows the different steps to prepare a mobile device for QRentry, which are:
This section is intended to EAM administrators. It explains how to configure a User Security profile to allow users to use QRentry.
You have the following administration role:
Example:
|
NOTE: For a complete description of this tabbed panel, please refer to the Security tabbed panel (detailed description) sub-section hereunder. |
Field |
Description | ||||
Users can enroll their mobile device |
This check box enables the users associated with the user security profile to enroll their mobile device for QRentry. | ||||
Launch the enrollment wizard if necessary |
This check box allows you to start automatically the enrollment wizard on the user’s computer except if:
| ||||
Maximum number of devices per user |
Self-explanatory If you enter 0, then the user can have as many mobile devices as he wants. | ||||
Verify the Unique Identifier of the device during enrolment |
When this option is selected, the Unique Identifier (a.k.a IMEI) of the user’s mobile device is checked upon the enrollment process. This allows you to restrict the set of mobile devices a user can use.
| ||||
Required protection level |
Protection method of QRentry start on the user’s mobile device:
| ||||
Update configuration when application starts |
The configuration is updated each time the application starts. | ||||
Update configuration every x days |
The configuration is updated every x days.
| ||||
Upload Audit events immediately |
Each time the Web server is reachable, the audit events are uploaded immediately. | ||||
List of Servers |
List of the servers that can be reached by the mobile device to download the Enterprise SSO configuration and to upload audit events. |
The following procedure:
|
NOTE: On many devices, the Unique Identifier can be retrieved by keying *#06#. |
|
IMPORTANT: You can add a Unique Identifier, even if the Verify the Unique Identifier of the device during enrolment option is not selected. This is useful if you want to restrict the set of mobile devices for a particular user only. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy