EAM Portal User's Guide - Questsupport-public.cfm.quest.com/44010_EAM_Portal_Users...Preface Subject...

EAM Portal 9.0.2

User's Guide

Copyright 2017 One Identity LLC.

ALL RIGHTS RESERVED.This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of One Identity LLC .The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. One Identity do not make any commitment to update the information contained in this document.If you have any questions regarding your potential use of this material, contact:One Identity LLC.Attn: LEGAL Dept4 Polaris WayAliso Viejo, CA 92656Refer to our Web site (http://www.OneIdentity.com) for regional and international office information.

PatentsOne Identity is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current information about applicable patents for this product, please visit our website at http://www.OneIdentity.com/legal/patents.aspx.

TrademarksOne Identity and the One Identity logo are trademarks and registered trademarks of One Identity LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit our website at www.OneIdentity.com/legal. All other trademarks are the property of their respective owners.

Legend

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

EAM Portal User's GuideUpdated - November 2017Version - 9.0.2

http://www.oneidentity.com/

http://www.oneidentity.com/legal/patents.aspx

http://www.oneidentity.com/legal

Contents

Preface 4

EAM Portal Presentation 5

Using the EAM Portal 7

Managing your primary account 7

Initializing the Self Service Password Request feature 7

Resetting your primary password 8

Resetting with the SSPR 9

Resetting with an OTP 10

Unlocking your primary account 12

Retrieving an identification challenge 12

Managing access to your applications 13

Delegating a user account 13

Revealing your application passwords 15

Retrieving your application credentials 16

Managing self enrollment 17

Managing your primary account 17

Enrolling your mobile devices 19

About us 21

Contacting us 21

Technical support resources 21

EAM Portal 9.0.2 User's Guide 3

Preface

SubjectThis guide describes how to use the Primary account, Access to applications and Self Enrollment menus of the Enterprise Access Management (EAM) portal.

Audience This guide is intended for end-users.

Required Software

EAM 9.0 evolution 2 and later versions. For more information about the versions of the required operating systems and software solutions quoted in this guide, please refer to One Identity EAM Release Notes.

Typographical Conven-tions

Bold Indicates:

l Interface objects, such as menu names, buttons, icons and labels.

l File, folder and path names.

l Keywords to which particular attention must be paid. Italics - Indicates references to other guides.

Code - Indicates portions of program codes, command lines or messages displayed in command windows.

CAPITALIZATI ON Indicates specific objects within the application (in addition to standard capitalization rules).

< > Identifies parameters to be supplied by the user.

Legend

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Documentation support

The information contained in this document is subject to change without notice. As our products are continuously enhanced, certain pieces of information in this guide can be incorrect. Send us your comments or suggestions regarding the documentation on the One Identity support website.

EAM Portal 9.0.2 User's Guide

Preface4

1

EAM Portal Presentation

The EAM portal provides an emergency access to different Enterprise Access Management (EAM) features. The main page of the portal is as follows:

NOTE: The display of the different sections of the portal may differ depending on the configuration performed by the EAM administrator.

This page displays a list of predefined emergency actions divided into three sections:


EAM Portal Presentation5

l The Primary account section enables you to:

o Reset your primary password:

n By answering your security questions.

n With a confirmation code.

o Unlock your primary account.

o Initialize the "Self Service Password Request" by saving your answers to the security questions.

o Retrieve an identification challenge to provide to the helpdesk.

l The Access to applications section enables you to:

o Delegate access to one of your accounts to another user.

o Reveal your application passwords.

o Receive your credentials by e-mail.

l The Self Enrollment section enables you to:

o Create your user account in the corporate directory.

o Enroll your mobile device via QRentry.


EAM Portal Presentation6

2

Using the EAM Portal

Managing your primary account

Initializing the Self Service Password Request feature

Subject

You must initialize the Self Service Password Request (SSPR) feature to reset your password in case you lost or forgot it.

Initializing the SSPR consists in choosing a set of questions and saving the associated answers. You will have to provide these answers when you want to reset your password.

You can perform this task every time you want to update or change your questions/answers.

IMPORTANT: If there is a translation for the question, the language set for the navigator is the one used to display the questions.

When the SSPR is enabled, you can define your questions (optional) and answers the first time that your Authentication Manager is activated. Then you may need to modify this information in the following cases:

l The questions have changed, so you have to update your answers.

l You must enter your answers periodically.

l You want to change your questions/answers.

You can initialize the SSPR through the Authentication Manager icon (see Authentication Manager for Windows User's Guide) or by using the EAM portal as detailed in the following procedure.


Using the EAM Portal7

Procedure

1. Enter the EAM portal URL in your Web browser, such as:http://yourwebserver.yourdomain.com/

The EAM portal page opens.

2. Click Password Reset data collect.

The Authentication page appears.

3. To authenticate with your:

l Credentials:

a. Select your domain in the drop down list.

b. Enter your Username and Password in the corresponding fields.

c. Click Sign in.

l Mobile device:

Without network With network (Android only)

Enter your Username and click .

Enter your Username and click Sign in..

Scan the displayed QR code. Tap the notification received on your mobile device.

Enter the displayed code in the corresponding field and click Sign in.

Authorize the authentication by tapping Authorize.

4. Answer the displayed questions and click Submit your answer.

Once you have answered all the questions, the SSPR is initialized.

Resetting your primary password

Subject

The Reset Password feature allows you to reset your password to open your Windows session even if you have forgotten your smart card or cannot remember your password.



You can reset your password upon session opening (see Authentication Manager for Windows User's Guide) or by using the EAM portal, as detailed in the following procedure.

Resetting with the SSPR

Before starting

You have chosen a set of questions and recorded the associated answers using the Self Service Password Request Wizard, as described in Initializing the Self Service Password Request feature.

NOTE: If you have not initialized the Self Service Password Request and therefore cannot reset your password by yourself, the administrator can still modify your primary password from EAM Console.

Procedure



2. Click Primary Password Reset.

The Password Reset page opens.

3. Select your domain in the drop down list, enter your Username and click Submit.

NOTE: If a Captcha check is required, reproduce the Captcha code in the corresponding field.

The Question page opens.



4. Enter your answers to the corresponding questions.

5. Enter your new password in the New password and Confirm new password fields and click Submit.

NOTE: Depending on the portal configuration, password selection tips can be displayed:

l The Rules button helps you with the password format control policy.

l An indicator informs you about the compliance and strength of your password.

6. Click the Submit button.

Your password has been reset.

Resetting with an OTP

Procedure



2. Click OTP Password Reset.

The Password Reset page opens.



3. Select your domain in the drop down list, enter your Identifier and click Submit.


An e-mail or an SMS containing an OTP is sent to you.

4. Enter this OTP in the confirmation code field.

5. Enter your new password in the New password and Confirm new password fields and click Submit.





Your password has been reset.



Unlocking your primary account

Description

If you have locked your primary account by typing a wrong password several times in a row, execute the following procedure to unlock your account.

Procedure



2. Click Primary Account Unlock.



NOTE: If a Captcha check is required, reproduce the Captcha code in the corresponding field..

4. Answer the displayed questions and click Submit your answer.

Once you have answered all the questions, your primary account is unlocked.

Retrieving an identification challenge

Subject

To identify yourself to a helpdesk operator, you must retrieve and provide an identification challenge by answering your SSPR questions. This section explains how to retrieve this challenge.

Before starting

You have chosen a set of questions and recorded the associated answers as described in Initializing the Self Service Password Request feature.

Procedure



2. Click Identification Challenge.






4. Answer the displayed questions and click Submit.

Once you have answered all the questions, your identification challenge is displayed. Provide this challenge to your helpdesk operator to identify yourself.

Managing access to your applications

Delegating a user account

You can delegate one or several user accounts quickly and simply by following this procedure:

Procedure



2. Click Access Delegation.

The Authentication page opens.


l Credentials:



c. Click Sign in.

l Mobile device:









The Account Delegation page opens.

4. Select the account(s) you want to delegate by selecting the corresponding check boxes.

5. Enter the name of the user to whom you want to delegate your account(s) in the Search for users field and click Search.

The list of users appears.

6. Click the user to add him/her to the Delegation list.

NOTE: You can:

l Search for more users to add them to the Delegation list.

l Delete the added user(s) by clicking .



7. Click Proceed.

Your account(s) has/have been delegated to the selected user(s).

Revealing your application passwords

You can reveal your application password by using Enterprise SSO (see Enterprise SSO Administrator's Guide) or by using the EAM portal as detailed in the following procedure.

An account password is revealable only if the application profile associated with the access allows it, just like SSO Engine.

NOTE:You cannot reveal the password of a delegated account.

Procedure



2. Click Application Credentials.



l Credentials:



c. Click Sign in.

l Mobile device:









The Reveal Your Credentials page opens.

4. Click the application name to reveal the associated password.

Retrieving your application credentials

You can receive your application data (application name, login, password etc.) by using the EAM portal, as detailed in the following procedure.

In this case the Web portal allows you to receive the information by e-mail.

NOTE: You cannot reveal the following accounts:

l Shared accounts.

l Delegated accounts: you must ask your colleague for their password.

Procedure



2. Click Credentials by e-mail.

3. Enter your e-mail address or your login and click Request your data.


The information of your SSO accounts has been sent to your e-mail address.



Managing self enrollment

Managing your primary account

Subject

You can create your user account, or "primary" account, directly in the corporate directory. This will allow you to authenticate with your password or mobile device.

Procedure



2. Click User Self Registration.

The User Self Registration page opens.

3. Complete the fields of the form and click Submit.

IMPORTANT: The following fields are mandatory:



l Login name: select a login name easy to remember (example: jsmith), indeed you will need this login name to authenticate to open your session.

l Email address: enter the email address known by your company (example: [email protected]).

NOTE:

l Select the Please send Confirmation Code via SMS check box if you want to receive the code by email and SMS.

l If a Captcha check is required, reproduce the Captcha code in the corres-ponding field.

l A confirmation code is sent to you by email and SMS if you have requested it.

l The confirmation page opens.

4. Enter the confirmation code in the corresponding field.

5. Choose your password and confirm it.





If your code and your password are valid, your primary account is created.



Enrolling your mobile devices

Subject

You can enroll a mobile device through the Authentication Manager icon (see QRentry User’s Guide) or by using the EAM portal as detailed in the following procedure.

Before starting

The QRentry application is installed on your mobile device. For more information, see QRentry User’s Guide.

Procedure



2. Click Mobile Device enrollment.


3. Select your domain in the drop down list, enter your Username and Password in the corresponding fields and click Sign in.

The QRentry Enrollment page opens.

4. Enter a name for your mobile device and click Enroll.

The page containing the QR codes to scan opens.



5. From your mobile device, start the QRentry application.

6. Tap Scan and scan the first QR code on the left with your mobile device.

7. Scan the QR code on the right.

An enrollment code appears on your mobile device.

8. Enter the code displayed on your mobile device.

9. Click Set.

Your mobile device is enrolled.



About us

About us

Contacting us

For sales or other inquiries, visit https://www.oneidentity.com/company/contact-us.aspx or call +1-800-306-9329.

Technical support resources

Technical support is available to One Identity customers with a valid maintenance contract and customers who have trial versions. You can access the Support Portal at https://support.oneidentity.com/.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

l Submit and manage a Service Request

l View Knowledge Base articles

l Sign up for product notifications

l Download software and technical documentation

l View how-to-videos

l Engage in community discussions

l Chat with support engineers online

l View services to assist you with your product


About us21

https://www.oneidentity.com/company/contact-us.aspx

https://support.oneidentity.com/

EAM Portal User's Guide - Questsupport-public.cfm.quest.com/44010_EAM_Portal_Users...Preface Subject...

Documents

Transcript of EAM Portal User's Guide - Questsupport-public.cfm.quest.com/44010_EAM_Portal_Users...Preface Subject...