How to install an Enterprise SSO client on a Windows workstation

Video

The video above describes the steps to install an Enterprise Access Management client using the quick installation wizard, provided in the installation package. The steps to install the client are the following.

Before Starting

An EAM Controller must be installed in the same domain as the workstation.
Make sure the workstation is connected to the following elements by performing a ping test :
- The corporate directory.
- The EAM Controller.
- The EAM directory.
Make sure you have a valid account, with full administration permissions on the workstation.

Procedure

Log on to the workstation as local system administrator.
To run the installation wizard, open the root folder of the installation package and double-click start.hta
In the Quick Installation/in a dedicated ADLDS directory area, click one of the following, depending on your Windows system processor:
- For 32 bits processors: win32.
- For 64 bits processors: x64

The EAM installation wizard welcome window appears.

Follow the instructions displayed in the wizard and shown in the tutorial

Specific Windows

Some windows may appear if you have not set up some configurations prior to the installation:

Installing the Microsoft C++ 2012 redistributables:

Granting EAM access to the network

This window only appears if the firewall configuration may prevent EAM from starting.
Make sure the two check boxes are selected so that the firewall can grant access to the network to EAM.

EAM Authentication Options

Authentication Manager authentication

Authentication Manager authentication extends Windows authentication functionalities. It allows the following authentication methods:

Authentication by password.
Authentication by smart card.
Authentication by fingerprints (biometrics).
Authentication by RFID badge.
Authentication by mobile phone.

It also allows the activation of the following features:

Self Service Password Request (SSPR).
Roaming Session.
Double-Login prevention.

With this authentication option, the Windows authentication banner is replaced with the EAM banner (logos can be customized).

Windows authentication

Windows authentication does not modify the classic Windows session opening (no visual modification, no new function).
It installs a component that secures User Data and synchronizes encryption keys when the primary password is changed.
This authentication option is useful if the automation of access to applications (SSO) is the only functionality needed on the workstation.

Session authentication

Session authentication does not modify the classic Windows session opening.

No additional authentication component is installed so this authentication option does not allow secure password change management (as in Windows Authentication option): if an administrator resets a new user password, he will be able to access user data.

Public Access authentication

In this case, users share a workstation without having to restart a Windows session.
On smart card, RFID badge or fingerprints detection, Enterprise SSO prompts the user to type his/her PIN code or password and starts the SSO engine.
The engine stops at smart card or RFID badge withdrawal, or fingerprints detection.

Multi-User Desktop

The Multi-User Desktop allows hosting several secure sessions in the same Windows session.
It is automatically started when the Windows session opens.
A Welcome screen displays the list of available authentication methods and the list of disconnected user sessions.