How to install an Enterprise Access Management controller on a Windows server
Evidian Enterprise SSO
Demonstration of how to install an Enterprise Access Management controller on a Windows server
With Evidian Enterprise SSO, a user enters only one password or even none with a strong authentication method. After that, application passwords are automatically entered, on behalf of the user. The solution works with applications, either web based, desktop as well as legacy applications.
The EAM (Enterprise Access Management) controller (through the EAM console) allows the management of EAM policies (for example which user can access to which application) and centrally audit usage of EAM solution (for example user access).
Why over 5 million employees are using Evidian Enterprise SSO today?
Reinforce access to applications
A user enters only one password or even none with Evidian Authentication Manager and a strong authentication method. Evidian SSO can change transparently hardened passwords for each application. It allows the management of enterprise access policies (which user can access to which application) and centrally audit the user access.
Reduce up to 30% helpdesk calls
There are no more calls to the call desk to reset passwords because users no longer manage application passwords. Moreover, a Self-Service Password request (SSPR) function allows users who have forgotten their single password, or their access card, to unlock their accesses - even offline without the helpdesk.
Never reveal passwords
Users can share the same generic accounts securely, or delegate their access to each other while being away. Users don’t need to reveal their passwords and are audited by name. Thanks to a web portal, a user who is already on leave can remotely delegate all or part of his accounts, via a simple web page and fully comply with the security policy.
Satisfy regulatory constraints
By creating an obligatory passage point between a user and his applications, an organization can effectively control the accesses. Moreover, a log of these accesses and administration operations is kept centrally, which facilitates audit. Evidian SSO facilitates compliance with confidentiality, integrity and availability requirements.
Evidian Enterprise SSO provides single sign-on to all users, businesses and organizations.
Free your users from remembering and typing passwords and drive your security policy by automating password management.
Typical use of SSO by over 5 million employees
Employees use a passwordless strong authentication method. After that, application passwords are automatically entered, on behalf of the employee, during application login prompts. This works either with web based, desktop as well as legacy applications without modifying them. Evidian gives an access to the applications to which the employee is entitled. And it transparently modifies and manages strong passwords for each application. An access log is centralized to facilitate audits, to know which employee uses which application and to meet regulatory constraints.
One PC - used by several users
Branch employees, sales staff in outlets, workers in manufacturing industry and others share a same PC in their Enterprise. They use a shared account with autologon to access the Windows session without password to save time. However, knowing who authenticated to the PC and at what time cannot be audited. Evidian with its multi-user desktop solves this problem with a fast user switching in a few seconds and a strong authentication method like a RFID badge to unlock the shared session.
One user – using multiple PCs successively
The day-to-day tasks of some employees may require them to move around within a site, such as doctors in a hospital, production managers at an industrial site, store vendors, and others. On each PC, they must log in to access their session and log out. As it takes time, an alternative solution must be found. Evidian offers a simple solution with a roaming session avoiding multiple login.
One user – using multiple PCs at once
Some employees need multiple PCs and monitors in order to work. These may include trading room workers, control room operators in industry, in transport, in video surveillance and others. It is unrealistic to ask these employees a multiple login to all PCs. Evidian offers a solution with a single login to multiple computers at once.
Are you looking for another solution?
Evidian offers many other solutions that will certainly meet your needs. Do not hesitate to contact us.
Installation guide of the EAM controller
The Enterprise Access Management (EAM) solution is installed using 3 main components:
- the EAM directory (storing EAM policies) on server side
- the EAM Controller (managing EAM policies and audit visibility) on the server side
- the EAM Client on the workstation side
The EAM Controller allows centralization of Enterprise Access Management policy definition and audit events. It connects to the company directory to retrieve necessary data.
For availability reasons, several EAM Controllers can be installed. An EAM Controller can be dedicated to administration operations and another can be dedicated to audit operations.
2 methods of installation are possible:
- In dedicated (AD-LDS) Directory mode
- In Corporate (AD) Directory mode
- Make sure you have valid Enterprise Access Management license keys, given by your Evidian representative.
- Download the Authentication Manager or Enterprise SSO installation package from the Evidian support web site (http://support.evidian.com) and unzip it.
- Make sure the server is connected to the corporate directory by performing a ping test.
- Make sure you have a valid account in the server domain. The account password must never expire.
- Make sure the server is not a Domain Controller.
- Install a supported database server (you are advised to install MySQL server).
- Please refer to the product documentation for details on the installation procedure.
If you plan to install MySQL server, read the following
- You must use the following database instance name: MySQLESSO.
- Make sure the ODBC connector is installed upon the MySQL server installation.
You are strongly advised to use ODBC connector version 5.1 (you may experience problems with version 5.2). You can download connectors at the following URL: http://dev.mysql.com/downloads/connector/odbc/5.1.html#downloads
- Log on to the server as local system administrator.
- To run the installation wizard, open the root folder of the installation package and double-click start.hta.
- The Enterprise Access Management installation wizard welcome window appears.
- In the Quick Installation/in a dedicated ADLDS directory area or Corporate Active Directory, click one of the following, depending on your Windows system processor:
- For 32 bits processors: win32.
- For 64 bits processors: x64.
- The Enterprise Access Management Client installation wizard welcome window appears.
- Follow the instructions displayed in the video above.
When installing in Corporate directory mode, when asked where the EAM security objects are stored, choose "In the corporate directory".