ESSO Manuals
Documentation about Windows user access, Linux user access and Admin access
Windows Administrator access
How to access?
For domain member hosts, ESSO will remove all existing local accounts except for those with a dependand service. So, in order to access with administrator privileges, user must use a domain account with local administrator privilege, or either an authorized Soffid user.
There are three different ways to grant this kind of authorization to a user using Soffid console:
- Grant a global authorization (host:support). In this case, user can admin any host.
- Using a network scope authorization. This kind of authorization can be granted on network management screen. Administration authorization can be granted for any host belonging to a network or for a restricted group of them.
- Using a host scope authorization. This kind of authorization can be granted on host management screen for specified time period.
Through a workflow request. User asks for administration approval using "Request to administer a workstation" workflow. Soffid administrator can deny or approve the request. After the specified time period, the permission will be revoked.
In order to acces with administrator privileges user must log on with the soffid user code. It is not possible to do it with another account. Windows user code must match with Soffid user code.
Other operations
How to know the ESSO version?
Windows Control Panel --> Add/Remove programs
How to check the log?
C:\Windows\System32\type mazinger-install.log
How to run the configuration?
C:\Program Files\SoffidESO\SoffidConfig.exe
How to check the status?
C:\Program Files\SoffidESSO>Shirokabuto debug
How to stop and start Shirokabuto?
C:\Program Files\SoffidESSO>net stop Shirokabuto
C:\Program Files\SoffidESSO>net start Shirokabuto
Linux Administrator access
How to access?
For domain member hosts, ESSO will remove all existing local accounts except for those with a dependand service. So, in order to access with administrator privileges, user must use a domain account with local administrator privilege, or either an authorized Soffid user.
There are three different ways to grant this kind of authorization to a user using Soffid console:
- Grant a global authorization (host:support). In this case, user can admin any host.
- Using a network scope authorization. This kind of authorization can be granted on network management screen. Administration authorization can be granted for any host belonging to a network or for a restricted group of them.
- Using a host scope authorization. This kind of authorization can be granted on host management screen for specified time period.
Through a workflow request. User asks for administration approval using "Request to administer a workstation" workflow. Soffid administrator can deny or approve the request. After the specified time period, the permission will be revoked.
In order to acces with administrator privileges user must log on with the soffid user code. It is not possible to do it with another account. Windows user code must match with Soffid user code.
Other operations
How to know the ESSO version?
dpkg -l soffidesso
How to check the log?
/var/log$ sudo tail syslog
/var/log$ sudo cat syslog
How to change debug level?
Edit the file /etc/mazinger/config and set debugLevel to 3
nano /etc/mazinger/config
How to login using the command line?
Raise permissions to super users:
sudo -i
Login with your Soffid user
login userName
Windows user access
How to access?
When you try to connecto to a Windows machine by using Soffid ESSO, you need to enter your user and password in the Windows login page.
If the user does not exists in this machine, depending on the attribute "Create local accounts when there is no domain account" in Soffid ESSO configuration, a local user willl be created or not.
- If the network is connected, depending on the Soffid ESSO configuration, a 2FA may be required, or you will be logged in directly.
- If the network is not connected, also, depending on the Soffid ESSO configuration, you connect to the machine. When the network is re-established, Soffid ESSO will ask for your credentials again.
For more information about how to configure Soffid ESSO you can visit the ESSO profile page.
Esso Options
On a host with ESSO installed an icon with the Soffid Logo will appear on the Windows taskbar.
If the user clicks on the mouse's right button it will be able to do some different actions.
Login
Allows you to open an ESSO session. In order to open an ESSO session, the user must enter user code and password. In order to reopen it, the user must enter user code and password again (unless Kerberos login succeeds)
Logout
Allows you to close an ESSO session. On closing session, any SSO rules will be unloaded, so the user should enter the user and password on applications request.
SSO Paused
If the user disables ESSO, user and password will be required to execute any application, but ESSO session is still open on the server.
SSO Enabled
In order to inject ESSO rules, Soffid ESSO must be enabled.
Update rules
To update ESSO rules for the user account. ESSO will contact Soffid Synchronization server in order to get the Single Sign On rules for this account. Any granted permission or rule change will be applied immediately.
Linux User access
How to access?
When you try to connect to a Linux machine using Soffid ESSO, you will need to enter your username and password on the Linux login page.
If the user does not exists in this machine, depending on the attribute "Create local accounts when there is no domain account" in Soffid ESSO configuration, a local user willl be created or not.
- If the network is connected, depending on the Soffid ESSO configuration, a 2FA may be required, or you will be logged in directly.
- If the network is not connected, also, depending on the Soffid ESSO configuration, you connect to the machine. When the network is re-established, Soffid ESSO will NOT ask for your credentials again in the Linux machine.
For more information about how to configure Soffid ESSO you can visit the ESSO profile page.
Esso Options
On a host with ESSO installed an icon with the Soffid Logo will appear on the Windows taskbar.
If the user clicks on the mouse's right button it will be able to do some different actions.
Login
Allows you to open an ESSO session. In order to open an ESSO session, the user must enter user code and password. In order to reopen it, the user must enter user code and password again (unless Kerberos login succeeds)
Logout
Allows you to close an ESSO session. On closing session, any SSO rules will be unloaded, so the user should enter the user and password on applications request.
SSO Paused
If the user disables ESSO, user and password will be required to execute any application, but ESSO session is still open on the server.
SSO Enabled
In order to inject ESSO rules, Soffid ESSO must be enabled.
Update rules
To update ESSO rules for the user account. ESSO will contact Soffid Synchronization server in order to get the Single Sign On rules for this account. Any granted permission or rule change will be applied immediately.