ESSO Manuals

Documentation about Windows user access, Linux user access and Admin access

Windows Administrator access

How to access?

For domain member hosts, ESSO will remove all existing local accounts except for those with a dependand service. So, in order to access with administrator privileges, user must use a domain account with local administrator privilege, or either an authorized Soffid user.

There are three different ways to grant this kind of authorization to a user using Soffid console:

  1. Grant a global authorization (host:support). In this case, user can admin any host.
  2. Using a network scope authorization. This kind of authorization can be  granted on network management screen. Administration authorization can be granted for any host belonging to a network or for a restricted group of them.
  3. Using a host scope authorization. This kind of authorization can be granted on host management screen for specified time period.

Through a workflow request.  User asks for administration approval using "Request to administer a workstation" workflow. Soffid administrator can deny or approve the request. After the specified time period, the permission will be revoked.

image.png

In order to acces with administrator privileges user must log on with the soffid user code. It is not possible to do it with another account. Windows user code must match with Soffid user code.

Other operations

How to know the ESSO version?

Windows Control Panel -->  Add/Remove programs

💻 Image

image-1665397531364.png

How to check the log?

C:\Windows\System32\type mazinger-install.log
💻 Image

image.png

How to run the configuration?

C:\Program Files\SoffidESO\SoffidConfig.exe
💻 Image

image.png

How to check the status?

C:\Program Files\SoffidESSO>Shirokabuto debug
💻 Image

image.png

How to stop and start Shirokabuto?

C:\Program Files\SoffidESSO>net stop Shirokabuto
C:\Program Files\SoffidESSO>net start Shirokabuto

Linux Administrator access

How to access?

For domain member hosts, ESSO will remove all existing local accounts except for those with a dependand service. So, in order to access with administrator privileges, user must use a domain account with local administrator privilege, or either an authorized Soffid user.

There are three different ways to grant this kind of authorization to a user using Soffid console:

  1. Grant a global authorization (host:support). In this case, user can admin any host.
  2. Using a network scope authorization. This kind of authorization can be  granted on network management screen. Administration authorization can be granted for any host belonging to a network or for a restricted group of them.
  3. Using a host scope authorization. This kind of authorization can be granted on host management screen for specified time period.

Through a workflow request.  User asks for administration approval using "Request to administer a workstation" workflow. Soffid administrator can deny or approve the request. After the specified time period, the permission will be revoked.

In order to acces with administrator privileges user must log on with the soffid user code. It is not possible to do it with another account. Windows user code must match with Soffid user code.

Other operations

How to know the ESSO version?

dpkg -l soffidesso
💻 Image

image-1665396904304.png

How to check the log?

/var/log$ sudo tail syslog
/var/log$ sudo cat syslog

How to change debug level?

Edit the file /etc/mazinger/config and set debugLevel to 3

nano /etc/mazinger/config
💻 Image

image.png

How to login using the command line?

Raise permissions to super users:

sudo -i

Login with your Soffid user

login userName
💻 Image

image.png

Windows user access

How to access?

When you try to connecto to a Windows machine by using Soffid ESSO, you need to enter your user and password in the Windows login page. 

If the user does not exists in this machine, depending on the attribute "Create local accounts when there is no domain account" in Soffid ESSO configuration, a local user willl be created or not.

For more information about how to configure Soffid ESSO you can visit the ESSO profile page.

💻 Image
Credentials required

image.png

2FA required

image.png

 Soffid ESSO options

image.png

Esso Options

On a host with ESSO installed an icon with the Soffid Logo will appear on the Windows taskbar.

If the user clicks on the mouse's right button it will be able to do some different actions.

Login

Allows you to open an ESSO session. In order to open an ESSO session, the user must enter user code and password.  In order to reopen it, the user must enter user code and password again (unless Kerberos login succeeds)

Logout

Allows you to close an ESSO session. On closing session, any SSO rules will be unloaded, so the user should enter the user and password on applications request.

SSO Paused

If the user disables ESSO, user and password will be required to execute any application, but ESSO session is still open on the server.

SSO Enabled

In order to inject ESSO rules, Soffid ESSO must be enabled.

Update rules

To update ESSO rules for the user account. ESSO will contact Soffid Synchronization server in order to get the Single Sign On rules for this account. Any granted permission or rule change will be applied immediately.

💻 Image

image.png

Linux User access

How to access?

When you try to connect to a Linux machine using Soffid ESSO, you will need to enter your username and password on the Linux login page.

If the user does not exists in this machine, depending on the attribute "Create local accounts when there is no domain account" in Soffid ESSO configuration, a local user willl be created or not.

For more information about how to configure Soffid ESSO you can visit the ESSO profile page.

💻 Image
 Credentials required

image.png

 2FA required

image.png

Soffid ESSO options

image.png

Esso Options

On a host with ESSO installed an icon with the Soffid Logo will appear on the Windows taskbar.

If the user clicks on the mouse's right button it will be able to do some different actions.

Login

Allows you to open an ESSO session. In order to open an ESSO session, the user must enter user code and password.  In order to reopen it, the user must enter user code and password again (unless Kerberos login succeeds)

Logout

Allows you to close an ESSO session. On closing session, any SSO rules will be unloaded, so the user should enter the user and password on applications request.

SSO Paused

If the user disables ESSO, user and password will be required to execute any application, but ESSO session is still open on the server.

SSO Enabled

In order to inject ESSO rules, Soffid ESSO must be enabled.

Update rules

To update ESSO rules for the user account. ESSO will contact Soffid Synchronization server in order to get the Single Sign On rules for this account. Any granted permission or rule change will be applied immediately.

💻 Image

image.png