Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - SSOWatch Administrator Guide

1 Overview 2 SSOWatch 3 Configuration Editor: Enterprise SSO Studio
3.1 Interface Overview 3.2 Starting and Stopping Enterprise SSO Studio 3.3 Creating or Opening a Configuration 3.4 Configuring General SSO Parameters 3.5 Defining PFCP and Application Profiles 3.6 Defining Application and Technical Definition Objects 3.7 Defining Window Objects 3.8 Testing the SSO 3.9 Exporting or Importing Objects 3.10 Managing Objects in the Tree 3.11 Saving Object Configurations 3.12 Managing Configuration Updates 3.13 Refreshing the Tree
4 The Generic Plug-in 5 The Microsoft Internet Explorer Plugin  6 The SAP R/3 Plug-in 7 Terminal Type Applications 8 The HLLAPI Plug-in 9 Advanced Configuration 10 OLE/Automation Interface Appendix A: Cache Tuning and Asynchronous Update of the Application Data Appendix B: Integrating Care-FX with SSOWatch

3.6.2 Filling-in the Application Properties Window

3.6.2.1 "Properties" Tab of an Application Object

The Properties tab described in this section only appears if you use Enterprise SSO Studio without Controller, or Personal SSO Studio.
The Properties tab of an Application Object allows you to define the basic parameters of an Application.
Application Name
This field will be shown in the objects tree of
Enterprise SSO Studio and in the data collection and account management dialog boxes of SSOWatch.
Session management (advanced)
Indicates whether all the application’s windows depend on the same application instance.
OLE/Automation
Grants OLE/Automation access to this application (and all the associated security objects). For further security, you can enter a password for which OLE clients will be prompted. For more information, see 10 OLE/Automation Interface.
a)
Enable this application (this option is selected by default)
If this option is cleared,
SSOWatch will ignore this application. This is used to temporarily disable an application without deleting it from the configuration file.
b)
Try previous password when "bad password" windows detected
If this option is selected, the fields are filled with the last valid password at "bad password" detection (this can be useful if the password change is not immediately taken into account by the application).
c)
User must provide credentials
This check box only appears in Access Collector mode.
If this check box is cleared, the user will be able to cancel the collect (or the bad password) window that appears when he/she launches an application.

3.6.2.2 "Properties" Tab of a Technical Definition Object

The Properties tab described in this section only appears if you use Enterprise SSO Studio with Controller.
The Properties tab of a Technical Definition object allows you to define the basic parameters of a Technical definition.
Identification
The Technical reference name. This field will be shown in the objects tree of
Enterprise SSO Studio.
Session management
Indicates whether all the application’s windows depend on the same application instance.
Try previous password when "bad password" windows detected
If this option is selected, the fields are filled with the last valid password at "bad password" detection (this can be useful if the password change is not immediately taken into account by the application).

3.6.2.3 "Account Base" Tab of an Application Object

The Account Base tab only appears if you use Enterprise SSO Studio without Controller or Personal SSO Studio.
The Account Base tab allows you to define the Account Base associated with an application. An Account is a username/password pair that allows connection to an application. There is also an account parameter that can store complementary authentication data; for instance, a Windows Domain name is a complementary parameter of a Windows account.
The account name is internal to SSOWatch: it is used to store and retrieve security data and to give a user-friendly name to this data. A user-friendly name is particularly useful when using multiple accounts: you can give names like "Notes Admin" or "Notes User" if a Notes user is also the administrator.
Accounts are global: they are shared by applications and by SSOWatch configurations, because they refer to objects stored in the security system storage and which are bound to the user.
In some cases, it is possible to use the Windows username and password to perform SSO to an application. An example is the Windows Terminal Server login. To use this security credential in SSO, you must associate the Primary Authentication Identifier with the application (check the corresponding option). The Windows username can be used in different formats:
Close the Enterprise SSO Studio graphical interface.
<SSOWatch installation folder> [/login <name>]
[/password <password>] /share <MasterApplication> <SlaveApplication>
<SSOWatch installation folder>
"C:\Program Files\Quest Software\QESSO Client\SSOBuilder.exe " by default.
Login name and password of the Quest ESSO administrator.
If the login name and password of the administrator are not specified, the Enterprise SSO Studio authentication window will appear.
External Names: this button only appears if you use Enterprise SSO Studio without Controller and LDAP storage mode. It allows you to define a mapping between the Quest ESSO application that you are configuring and the name of an external application that must be identified by Quest ESSO. This option is particularly useful to integrate Web Access Manager with Quest ESSO. For example, if you are defining an application called MyHTMLApplication that already uses Web Access Manager Account Bases, click this button and in the displayed window, enter the names of the Web Access Manager Account Bases defined for this application. By this way, Quest ESSO will be able to use these Web Access Manager Account Bases to perform SSO with this application.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating