EAM Customization Guide -...

EAM 9.0.2

Customization Guide

Copyright 2017 One Identity LLC.

ALL RIGHTS RESERVED.This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of One Identity LLC .The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. One Identity do not make any commitment to update the information contained in this document.If you have any questions regarding your potential use of this material, contact:One Identity LLC.Attn: LEGAL Dept4 Polaris WayAliso Viejo, CA 92656Refer to our Web site (http://www.OneIdentity.com) for regional and international office information.

PatentsOne Identity is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current information about applicable patents for this product, please visit our website at http://www.OneIdentity.com/legal/patents.aspx.

TrademarksOne Identity and the One Identity logo are trademarks and registered trademarks of One Identity LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit our website at www.OneIdentity.com/legal. All other trademarks are the property of their respective owners.

Legend

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

EAM Customization GuideUpdated - December 2017Version - 9.0.2

http://www.oneidentity.com/

http://www.oneidentity.com/legal/patents.aspx

http://www.oneidentity.com/legal

Contents

Preface 5

Customizing EAM Windows 1

Customizing EAM Bitmaps 1

Changing Banners of EAM Authentication Windows 1

Changing the Banner of the Enterprise SSO "Security Data Collect" Window 2

Customizing the Authentication Screen Tiles (Windows 7/2008 only) 3

Customizing the Banner of the Multi-User Desktop Welcome Screen 3

Customizing EAM Windows for Smart Card Authentication 4

Changing the Smart Card icon 4

Changing the Text Labels 5

Customizing SSO Windows 6

SSO Window/Interaction Types 6

’New Account’ Window 6

’Bad Account’ Window 7

’Change Password’ Window 7

Activating the Customization 8

Managing the HTML Files 9

Placing the Files 9

Naming the Files 9

Organizing the Content of the files 9

Customizing the Windows 10

Removing the "Confirm password" Field from the "New account" Window 10

Informing Users of Password Constraints in the "Change Password"Window for the "Ticket Reservation Manager" Application 11

Customizing Error Messages 12

Localizing and Naming the Message File 13

Encoding the Messages File 14

Managing a Cache 14

Customizing the Data Displayed on the Desktop (Cluster and Multi-User Desktop) 16

EAM 9.0.2 Customization Guide 3

Customizing the Question Display for the SSPR 17

Customizing the PDF Report Graphic Style 20

Customizing the EAM Portal 24

Hiding EAM Portal Features 24

Adding an Additional Security Control (Captcha) 26

About us 27

Contacting us 27

Technical support resources 27

EAM 9.0.2 Customization Guide 4

Preface

SubjectThis guide describes how to use the Primary account, Access to applications and Self Enrollment menus of the Enterprise Access Management (EAM) portal.

Audience

This guide is intended for:

l System Integrators.

l Administrators.

Required Software

EAM 9.0 evolution 2 and later versions. For more information about the versions of the required operating systems and software solutions quoted in this guide, please refer to One Identity EAM Release Notes.

Typographical Conven-tions

Bold Indicates:

l Interface objects, such as menu names, buttons, icons and labels.

l File, folder and path names.

l Keywords to which particular attention must be paid. Italics - Indicates references to other guides.

Code - Indicates portions of program codes, command lines or messages displayed in command windows.

CAPITALIZATI ON Indicates specific objects within the application (in addition to standard capitalization rules).

< > Identifies parameters to be supplied by the user.

Legend

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Documentation support

The information contained in this document is subject to change without notice. As our products are continuously enhanced, certain pieces of information in this guide can be incorrect. Send us your comments or suggestions regarding the documentation on the One Identity support website.

EAM 9.0.2 Customization Guide

Preface5

1

Customizing EAM Windows

Customizing EAM Bitmaps

One Identity EAM allows you to easily customize bitmaps that are displayed in EAM windows. You can change:

l The banners displayed in EAM authentication windows.

l The banner that appears when Enterprise SSO needs to collect users security data.

l The bitmaps displayed in the authentication screen tiles (Windows 7/2008 only).

l The banner that appears when the Multi-User Desktop Welcome screen is displayed in fullscreen mode.

Changing Banners of EAM Authentication Windows

1. Modify or create a bitmap file (.bmp) that fits the following requirements:

l Width: 700 px (centered on the middle 500 pixels).

l Height: 72 px.

l Name: WGLogo.bmp.

2. Copy this file in the installation directory of your EAM software module (preferably in C:\Program Files\One Identity\Enterprise SSO to modify the Enterprise SSO authentication window banner).

The new banner appears in the authentication window, as in the following example:


Customizing EAM Windows1

Changing the Banner of the Enterprise SSO "Security Data Collect" Window

1. Modify or create a bitmap file (.bmp) that fits the following requirements:

l Width: 360 px.

l Height: 34 px.

l Name: ssobanner16M.bmp (24/32 bit colors) or ssobanner256.bmp (256 colors).

2. Copy this file in the installation directory of your Enterprise SSO software module (preferably in C:\Program Files\One Identity\Enterprise SSO).

When the Security Data Collect window appears, the new banner is displayed:



Customizing the Authentication Screen Tiles (Windows 7/2008 only)

In the Authentication Manager installation folder (by default: C:\Program Files\One Identity\Enterprise SSO), create the following bitmaps, with the size of 96x96 pixels:

l ESSOBioCredProv.bmp: the icon displayed for the biometric tile.

l ESSOBioCredProvActive.bmp: the icon displayed when the biometric tile is selected or selectable.

l ESSOCredProv.bmp: the icon displayed in the initial authentication screen for the smart card tile when no smart card is inserted.

l ESSOCredProvActive.bmp: the icon displayed when the smart card tile is selected or selectable.

l ESSOMobileCredProv.bmp: the icon displayed for the QRentry tile.

l ESSOMobileCredProvActive.bmp: the icon displayed when the QRentry tile is selected or selectable.

l ESSOPwdCredProv.bmp: the icon displayed for the password tile.

l ESSOPwdCredProvActive.bmp: the icon displayed when the password tile is selected or selectable.

l ESSOResetSecretCredProv.bmp: the icon displayed for the SSPR tile.

l ESSORFIDCredProv.bmp: the icon displayed for the RFID tile.

l ESSORFIDCredProvActive.bmp: the icon displayed when the RFID tile is selected or selectable.

Customizing the Banner of the Multi-User Desktop Welcome Screen

NOTE: This banner appears only when the Multi-User Desktop welcome screen is displayed in fullscreen mode.

In the EAM installation folder (by default: C:\Program Files\One Identity\Enterprise SSO), create a new FUSBanner image file with the following guidelines:

l Maximum recommended size: 850 x 240 pixels.

l Supported file extension: .bmp.



Customizing EAM Windows for Smart Card Authentication

One Identity EAM allows you to easily customize icons and text labels that are displayed in Authentication Manager and Enterprise SSO windows. This customization is only available for Smart Card authentication. You can change:

l The icons of the different states of the Smart Card displayed in EAM authentication windows.

l The text labels (Login, PIN and Log on to) displayed in EAM authentication windows.

Changing the Smart Card icon

1. Modify or create an icon file (.ico) that fits the following requirements:

l Width x height: 16 px.

l Icons and names:

l : BlankToken.ico.

l : ErrorToken.ico.

l : ReadyToken.ico.

2. Copy this file in the installation directory of your EAM software module (preferably in C:\Program Files\One Identity\Enterprise SSO).

The new smart card icon appears in the authentication window, as in the following example:



Changing the Text Labels

1. Create the following registry keys under HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\Authentication:

Key Name Type Description

UserLabel REG_SZ Changes the value of Login.

UserLabelToken REG_SZ Changes the value of Login when the Smart Card authentication method is selected.

SecretLabel REG_SZ Changes the value of PIN.Note: the modification is enabled only for smart card authentication.

LogOnToLabel REG_SZ Changes the value of Log on to.

NOTE:These keys can be deployed by GPO.

The new labels appear in the authentication window, as in the following example:



Customizing SSO Windows

Subject

You can change the appearance of certain Enterprise SSO windows that are displayed to users on Microsoft Windows workstations.

Description

By using the data-input capabilities of HTML and CSS, you can change the design and layout of E-SSO windows.

The windows are the ones which allow users to:

l Register a user name and a password for a managed application: new account window, see ’New Account’ Window.

l Change a user name or password that has been rejected by an application: bad account window, see ’Bad Account’ Window.

l Change the password registered for an application: change password window, see ’Change Password’ Window.

When this feature is activated, customized window definitions replace the standard window definitions for these three interactions: see Activating the Customization.

Default definitions can be created for each of the interaction types. Individualized window definitions can also be created for interactions related to particular applications.

Each customized window is defined by the contents of an HTML file on the hard disk of the user's workstation: see Managing the HTML Files.

Examples of SSO Window customization are available in Customizing the Windows.

SSO Window/Interaction Types

’New Account’ Window

Enterprise SSO opens the new account window when it detects a login window of an application for which the user has no registered account.

The window can also be opened directly by the user from the Enterprise SSO window.



The window prompts the user to select an account, a login name and a password for the application. The login and password must match those that are already recorded in the application itself.

Enterprise SSO can set an initial value for one or more of these elements and can prevent the user from changing one or more of the values.

’Bad Account’ Window

Enterprise SSO opens the bad account window when it detects that an application has rejected a registered login or password.

The window prompts the user to register a new login and/or password for the application. These must match the values already recorded in the application.

’Change Password’ Window

Enterprise SSO opens the change password window when it detects that an application has requested a password change. This request can be triggered by one of the following actors:



l The application itself.

l The user.

l Enterprise SSO.

The window prompts the user to register a new password for the application.

Activating the Customization

Subject

When this feature is activated, Enterprise SSO looks for definitions of supported window types in HTML files.

When, during an interaction with the user, Enterprise SSO cannot find or cannot read the appropriate file, or if the contents of the file do not meet Enterprise SSO requirements (see Organizing the Content of the files), Enterprise SSO uses the appropriate standard window instead, as if the customization feature were not activated.

Procedure

1. Place the UseHtmlSSODialogs DWORD value:

l With GPO under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Enatel\SSOWatch\CommonConfig Windows registry key.

l Manually under the HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\CommonConfig key.

2. Set the value to 1.

The customization is activated.

NOTE: To deactivate customization, set the value to 0.



Managing the HTML Files

Placing the Files

When the customization feature is activated, Enterprise SSO tries to load window definition files from a directory on the local hard disk.

By default, Enterprise SSO tries to load files from its current working directory, i.e. the directory in which Enterprise SSO is installed. However the directory can be specified explicitly by creating a new string value, called HtmlDialogDirectory, in the Windows Registry. This value can be set under the same keys as the UseHtmlSSODialogs value: see the Procedure in Activating the Customization.

If you set this value, it must be the full path name of a directory on the workstation's local hard disk.

Naming the Files

The default file names used by Enterprise SSO for the three interactions described in SSO Window/Interaction Types are the following:

l NewAccount.html

l BadAccount.html

l ChangePassword.html

However, each time one of these interactions occurs, it occurs in the context of a particular managed application.

If a file exists and its name starts with the name of the E-SSO application object, continues with a '-' character and ends with the default file name; this file is used to define the window for the interaction. That is, if Enterprise SSO manages a user's access to an application called Supply Management, it tries to load a file called Supply Management-NewAccount.html when collecting the user name and password from the user.

If this file does not exist, Enterprise SSO tries to load a file called NewAccount.html. This means that it is possible, for example, to have two files for password-change interactions: a file called Supply Management-ChangePassword.html to be used to change passwords in the Supply Management application and the ChangePassword.html file to be used to change passwords in all other applications.

Organizing the Content of the files

The window definition files are normal HTML files that contain the information Enterprise SSO needs to display each window.



Enterprise SSO identifies HTML elements in the document using pre-defined values of the HTML id attribute and exchanges data with the user through these elements. For each window type, certain elements must be defined while others are optional.

The files also specify the window size and title. Windows are not resizable by the user and do not have scroll bars.

For full details of these requirements, see the example window definition files which can be found in the Enterprise SSO installation directory. These define windows for a fictitious application called Example.

Customizing the Windows

Subject

The following examples illustrate the customization of SSO Windows.

Prerequisite

If the customization feature is not already activated, activate it as explained in Activating the Customization.

Restriction

If a collection window is customized, then the parameters are taken into account in a second collection window displayed after the first one.

Removing the "Confirm password" Field from the "New account" Window

Description

The SSO dialog window customization feature supports the presence and the absence of a Confirm password field.

If the field is present, Enterprise SSO checks that the user has typed the same value into the Password and Confirm password fields when validating the new account data. If it is absent, the user only has to type the password once but there is a higher chance of typing the wrong password.

Procedure

1. In the Enterprise SSO installation directory, make a copy of the Example-NewAccount.html file and name the new file NewAccount.html.

2. Open the new file with a text or HTML editor.

3. Find and delete the following HTML elements with the:



l sso-pass-confirm id.

l Confirm password text.

4. Save the modified file.

If there are no other new account window definition files for individual applications, all new account interactions now use the new window definition file that has no Confirm password field.

Informing Users of Password Constraints in the "Change Password"Window for the "Ticket Reservation Manager" Application

Description

This informs users of Ticket Reservation Manager that passwords must contain at least three numeric characters.

Procedure

1. In the Enterprise SSO installation directory, make a copy of the Example-ChangePassword.html file and name the new file Ticket Reservation Manager-ChangePassword.html.

2. Open the new file with a text or HTML editor.

3. Find the div element containing the sso-app-name element.

4. After this element, insert a new div or p element containing the following text: The password must contain at least three numeric characters.

5. Find the CSS style rule that specifies the height property for the body element and increase the height value to accommodate the new text.

6. Save the modified file.

This new window definition is now used when the user changes the password for Ticket Reservation Manager.



2

Customizing Error Messages

Subject

You can customize error messages thanks to a file containing these messages.

Description

The file is filled-in by the E-SSO administrator with one message per line, such as: <message number><Tab><message text>.Example: 0x82002015 <tab> this is the customized text!

However, you can associate one message with several error codes, such as:<first message number>-<last message number><Tab><message text>.

Moreover, you can write a message text on several lines in the file (this will make the file easier to build and read rather than using \n in the text message). In that case, the syntax of the first line does not change. The next lines must follow this syntax: \+<rest of the text>.

Example:0x82002001-0x8200208F Authentication error!\+--Access is denied.

For more information on error codes, refer to One Identity EAM Console - Guide de l'administrateur.

Pre-requisites

The following conditions are mandatory:

l The customized message files cannot contain message numbers that are unknown to EAM.

l The customized messages files must be encoded with ANSI characters.

l The text of the message is separated from its number by a tab character.

l Each line that does not correspond to this format is ignored.

l Each line starting with // is considered as a comment.

l The text of the message can contain \t (tabulation) and \n (carriage return) characters for the display.


Customizing Error Messages12

NOTE: If the customized text of the message number cannot be retrieved from the file, the default message corresponding to the resource is used.

Localizing and Naming the Message File

Subject

To define the message file, you must set:

l Registry values in one of the following registry keys:

l With GPO: HKEY_LOCAL_MACHINE\\Software\\Enatel\\Wiseguard\\Framework\\Config

l Locally: HKEY_LOCAL_MACHINE\\Software\\Policies\\Enatel\\Wiseguard\\Framework\\Config

l The MessageFileUsed value to 1 to activate the customized message file.

Description

There are two cases to localize and name the message file. When you have:

l No predefined language: set the EssoMessageFilePath value containing the full pathname of the message file such as C:\folder\file.txt.

l One file per language: the message file is created by the administrator in the E-SSO installation directory. The file must be located in the folder set in one of the following registry keys:

l InstallDirectory. OR

l EssoMessage file Path

The search order of a message file is as follows (.<le> is the language extension):

1. An ESSOMessageFile.<le> file in the directory indicated by FrameWork\Config\InstallDirectory

2. The file indicated by FrameWork\Config\ESSOMessageFilePath

3. An ESSOMessageFile.<le> file in the repository indicated by FrameWork\Config\ESSOMessageFileInstallDir

4. An ESSOMessageFile.<le> file in the application’s current directory.

The <language extension> is the Windows number (two-digit hexadecimal value: 09, 0C, 01...) corresponding to the E-SSO installation language.

The following <language extension> list is supported:

l 01: Arabic

l 07: German

l 09: English



l 0A: Spanish

l 0B: Finnish

l 0C: French

l 10: Italian

l 11: Japanese

l 13: Dutch

l 19: Russian

l 1D: Swedish

Encoding the Messages File

The customized messages files must be encoded with ANSI characters. However, you can use files encoded with UTF-8 characters by setting the following registry value: FrameWork\Config\EssoMessageFileUTF8 (REG_DWORD)

The possible values you can set are:

l 0 (default): the message files contain ANSI text strings.

l 1: the message files are UTF-8 encoded.

Managing a Cache

Subject

To display an error message, E-SSO performs a sequential search until it finds the customized message associated with the provided error code. If no customized message is set, the default message is used.

Description

To speed up the search and display of an error message, you can activate the error message caching. When the message caching is activated, E-SSO:

l Loads the contents of the customized message file into the memory.

l Performs an indexed memory search to retrieve a customized message.

l Updates the memory cache when the customized message file is modified.

Procedure

To activate the message caching, set the REG_DWORD EssoMessageCacheUsed registry value to 1 under the E-SSO configuration registry keys.



3

Customizing the Data Displayed on the Desktop (Cluster and Multi-

User Desktop)

You can customize the data that appears at the foreground of the user’s desktop on workstations configured to run the Cluster feature or the Multi-User Desktop mode.

For details, see one of the following manuals:

l Cluster feature: Authentication Manager Cluster Administrator’s Guide.

l Multi-User Desktop: One Identity EAM Console - Guide de l'administrateur.


Customizing the Data Displayed on the Desktop (Cluster and Multi-User Desktop)

16

4

Customizing the Question Display for the SSPR

Subject

You can customize the way the questions are displayed in the SSPR windows, starting from Windows 7/2008 and onwards.

Description

By default, the questions are displayed in the text fields as follows:


Customizing the Question Display for the SSPR17

By setting a registry key, you can display the questions above the text fields as follows:



Procedure

1. Place the DisplayQuestionsSeparately DWORD value under one of the following registry keys:

l HKLM\SOFTWARE\Enatel\WiseGuard\AdvancedLogin l HKLM\SOFTWARE\Policies\Enatel\WiseGuard\AdvancedLogin(to configure with GPOs).

2. Set the value to 1.

The customization is activated.



5

Customizing the PDF Report Graphic Style

Subject

In the EAM console, you can create PDF reports (for more information, refer to the One Identity EAM Console - Guide de l'administrateur). If you want to, you can customize the layout of these reports by modifying their graphic style.

Description

You can customize the following elements:

l Logo: to integrate the logo of your enterprise to the PDF reports, copy it in the following directory:C:\Program Files\Common Files\One Identity\IAR\images\logo-company.pngThe size of the logo must be 100(W)x80(H)pixels.

l Styles:

l Chart themes: edit the C:\Program Files\Common Files\One Identity\IAR\styles\DefaultChartTheme.jrctx file.

l Colors and font sizes: edit the C:\Program Files\Common Files\One Identity\IAR\styles\DefaultStyle.jrtx file.

To modify the:

l colors of a style, enter the code corresponding to the desired color in the forecolor, backcolor or linecolor attributes.

l size of the font used by the style, enter the desired size in the fontSize attribute.

Example

<style name="base" isDefault="true" forecolor="#1577B4" fontName="DefaultFont" fontSize="10">

<box topPadding="0" leftPadding="0" bottomPadding="0" rightPadding="0"/>

</style>


Customizing the PDF Report Graphic Style20

Place the new font in TrueType format (TTF) in the fonts directory of the archive and modify the ./fonts/fontsfamilyDefaultFont.xml file without changing the family font name.

Example

To support japanese, you can do as follows:

1. Extract the delivered JAVA archive in a temporary directory:jar xvf DefaultFont.jar

2. Download a free font supporting this language, or use one for which you have the license. In this example, a free Meiryo TrueType font was downloaded and the related TTF files we set in the extracted fonts directory of the Java archive, such as:

./fonts/Meiryo.ttf

./fonts/fontsfamilyDefaultFont.xml

./jasperreports_extension.properties

./manifest.txt

3. Edit the fontsfamilyDefaultFont.xml file as follows:

<?xml version="1.0" encoding="UTF-8"?>

<fontFamilies>

<fontFamily name="DefaultFont">

<normal><![CDATA[net/sf/jasperreports/fonts/dejavu/DejaVuSans.ttf]]> </normal>

<bold><![CDATA[net/sf/jasperreports/fonts/dejavu/DejaVuSans-Bold.ttf]]></bold>

<italic><![CDATA[net/sf/jasperreports/fonts/dejavu/DejaVuSans-Oblique.ttf]]></italic>

<boldItalic><![CDATA[net/sf/jasperreports/fonts/dejavu/DejaVuSans-BoldOblique.ttf]]></boldItalic>

<pdfEncoding><![CDATA[Identity-H]]></pdfEncoding>

<pdfEmbedded><![CDATA[true]]></pdfEmbedded>

<exportFonts>

<export key="net.sf.jasperreports.rtf"><![CDATA[Serif]]></export>

<export key="net.sf.jasperreports.xhtml"><![CDATA[Serif]]></export>

<export key="net.sf.jasperreports.html"><![CDATA[Serif]]></export>

</exportFonts>

</fontFamily>

</fontFamilies>



4. Replace the DefaultFont fontFamily with the following fontFamily definition. Keep the same fontFamily name and replace the location of the TTF font faces files. If you have specific font faces for bold or italic, replace the corresponding lines, or remove them otherwise, as in the default font family above:

<fontFamily name="DefaultFont">

<normal><![CDATA[fonts/Meiryo.ttf]]></normal>

<pdfEncoding><![CDATA[Identity-H]]></pdfEncoding>

<pdfEmbedded><![CDATA[true]]></pdfEmbedded>

<exportFonts>

<export key="net.sf.jasperreports.rtf"><![CDATA[Serif]]></export>

<export key="net.sf.jasperreports.xhtml"><![CDATA[Serif]]></export>

<export key="net.sf.jasperreports.html"><![CDATA[Serif]]></export>

</exportFonts>

</fontFamily>

5. Rebuild the new JAVA archive including the new font:jar cvfm ..\DefaultFontJapanese.jar -m manifest.text fonts/* jasper*

6. Install the new DefaultFontJapanese.jar JAVA archive in C:\Program Files\Common Files\One Identity\IAR\bundled-tomcat\IARBase\lib and remove the DefaultFont.jar after saving it.

7. Restart the I&A Reporting service.

You are ready to generate your reports in japanese.



6

Customizing the EAM Portal

Subject

You can customize the EAM portal by hiding some of its features or adding an additional security control (Captcha). For more information on the portal features, refer to the One Identity EAM Portal - Guide de l’utilisateur.

Hiding EAM Portal Features

Subject

You can hide some features of the portal to fit your specific needs.

Location

To hide a feature, you must set a registry value on the Web Server where the portal is installed, under the following registry keys, depending on your OS version:

l 32 bits: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\ResetPassword

l 64 bits: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Enatel\WiseGuard\FrameWork\ResetPassword

Description

l Name: HideFeatureName

l Type: REG_DWORD

l Values:

l 0: the feature is displayed.

l 1: the feature is hidden.

Registry Keys


Customizing the EAM Portal24

EAM Portal Section

Icon Title Registry Value

Primary account Primary Password Reset HideReset

OTP Password Reset HideResetOTP

Primary Account Unlock HideUnlock

Password Reset data collect

HideCollect

Identification Challenge HideChallenge

Access to applications

Access Delegation HideDelegation

Application Credentials HideReveal

Credentials by e-mail HideSend

Self Enrollment User Self Registration HideUserEnroll

Mobile Device Enrollment

HideQREnroll



Adding an Additional Security Control (Captcha)

Subject

Users can access some features of the EAM portal without having to authenticate. However, to prevent fraudulent access to these features, you can add a Captcha for the user to complete with his login name before he accesses the desired feature.

The following features are concerned:

l Primary Account section:

l Primary Password Reset.

l OTP Password Reset.

l Primary Account Unlock.

l Identification Challenge.

l Access to applications section: Credentials by e-mail.

l Self Enrollment section: User Self Registration.

Location

To activate the Captcha feature, you must set a registry value under the following registry keys, depending on your OS version:

l 32 bits: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\ResetPassword

l 64 bits: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Enatel\WiseGuard\FrameWork\ResetPassword

Description

l Name: UseCaptcha

l Type: REG_DWORD

l Values:

l 0: Captcha is deactivated.

l 1: Captcha is activated: the user must enter his login name and the displayed Captcha for identification.



About us

About us

Contacting us

For sales or other inquiries, visit https://www.oneidentity.com/company/contact-us.aspx or call +1-800-306-9329.

Technical support resources

Technical support is available to One Identity customers with a valid maintenance contract and customers who have trial versions. You can access the Support Portal at https://support.oneidentity.com/.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

l Submit and manage a Service Request

l View Knowledge Base articles

l Sign up for product notifications

l Download software and technical documentation

l View how-to-videos

l Engage in community discussions

l Chat with support engineers online

l View services to assist you with your product


About us27

https://www.oneidentity.com/company/contact-us.aspx

https://support.oneidentity.com/

EAM Customization Guide -...

Documents

Transcript of EAM Customization Guide -...