On a host with ESSO installed an icon with the Soffid Logo will appear on the Windows taskbar.
If the user clicks on the mouse's right button it will be able to do some different actions.
Allows you to open an ESSO session. In order to open an ESSO session, the user must enter user code and password. In order to reopen it, the user must enter user code and password again (unless Kerberos login succeeds)
Allows you to close an ESSO session. On closing session, any SSO rules will be unloaded, so the user should enter the user and password on applications request.
If the user disables ESSO, user and password will be required to execute any application, but ESSO session is still open on the server.
In order to inject ESSO rules, Soffid ESSO must be enabled.
To update ESSO rules for the user account. ESSO will contact Soffid Synchronization server in order to get the Single Sign On rules for this account. Any granted permission or rule change will be applied immediately.
How to know the ESSO version?
Windows Control Panel --> Add/Remove programs
dpgk -l soffidesso
For domain member hosts, ESSO will remove all existing local accounts except for those with a dependand service. So, in order to access with administrator privileges, user must use a domain account with local administrator privilege, or either an authorized Soffid user.
There are three different ways to grant this kind of authorization to a user using Soffid console:
- Grant a global authorization (host:support). In this case, user can admin any host.
- Using a network scope authorization. This kind of authorization can be granted on network management screen. Administration authorization can be granted for any host belonging to a network or for a restricted group of them.
- Using a host scope authorization. This kind of authorization can be granted on host management screen for specified time period.
Through a workflow request. User asks for administration approval using "Request to administer a workstation" workflow. Soffid administrator can deny or approve the request. After the specified time period, the permission will be revoked.
In order to acces with administrator privileges user must log on with the soffid user code. It is not possible to do it with another account. Windows user code must match with Soffid user code.
Soffid user code is underlined in the following picture: