1 Overview
1.1 SSOWatch module of Quest ESSO: Basic Principles
2 SSOWatch
1.1.1 Application Modeling
1.1.2 Application Access Profiles
1.1.3 Password Format Control Policies (PFCP)
1.1.4 Application Behavior
1.1.5 Window Types
1.1.6 LDAP Directories
1.2 The Access Collector Mode
1.3 SSOWatch Components
2.1 Overview
2.2 The SSOWatch Interface
2.3 Starting/Quitting SSOWatch
2.4 Suspending/Activating SSOWatch
2.5 Resetting SSOWatch Configuration
2.6 Managing User Accounts
3 Configuration Editor: Enterprise SSO Studio
2.6.1 Providing SSO Data When Launching an SSO Enabled Application for the First Time
2.6.2 Displaying your SSOWatch User Accounts
2.6.3 Displaying the Properties of a User Account
2.6.4 Changing the Login Name and/or Password of a User Account
2.6.5 Changing an Expired Primary Password
2.6.6 Creating a New Account for an Application
2.6.7 Deleting a User Account
2.6.8 Displaying User Account Password
2.6.9 Delegating a User Account
2.7 Disabling/Enabling SSO for Applications
2.8 Requesting an Access to an Application Through the Request Manager Portal
2.9 Testing the SSO Configuration of an Application
2.10 Starting Personal SSO Studio
2.11 Starting an Application
2.12 Creating a Shortcut for an Application
2.13 Removing the Icon from the Notification Area
3.1 Interface Overview
3.2 Starting and Stopping Enterprise SSO Studio
3.3 Creating or Opening a Configuration
3.4 Configuring General SSO Parameters
3.5 Defining PFCP and Application Profiles
4 The Generic Plug-in
3.5.1 Defining Password Format Control Policies (PFCP)
3.6 Defining Application and Technical Definition Objects
3.5.1.1 "Password Management Policy" Tab - Description
3.5.1.2 "Password Format Policy" Tab - Description
3.5.2 Defining the Application Profiles
3.6.1 Creating/Modifying Application Objects and Technical Definitions
3.7 Defining Window Objects
3.8 Testing the SSO
3.9 Exporting or Importing Objects
3.6.1.1 Creating a New Application Object or Technical Definition
3.6.1.2 Modifying an Application Object or Technical Definition Configuration
3.6.2 Filling-in the Application Properties Window
3.6.2.1 "Properties" Tab of an Application Object
3.6.2.2 "Properties" Tab of a Technical Definition Object
3.6.2.3 "Account Base" Tab of an Application Object
3.6.2.4 "Launcher" Tab
3.6.2.5 "Parameters" Tab
3.6.2.6 "Application Profile" Tab
3.6.3 Defining Advanced Access Rights
3.9.1 Exporting/Importing Objects using the Graphical Interface
3.9.2 Importing Objects using Command Line Arguments (without Controller)
3.10 Managing Objects in the Tree
3.10.1 Copying/Cutting/Pasting Objects
3.10.2 Renaming an Object
3.10.3 Deleting an Object from the Tree
3.11 Saving Object Configurations
3.11.1 Saving Object Configurations in LDAP Storage Mode (with Controller)
3.11.2 Saving Object Configurations in Local Storage Mode
3.12 Managing Configuration Updates
3.13 Refreshing the Tree
4.1 Window Detection
5 The Microsoft Internet Explorer Plugin
4.1.1 Simple Detection
4.1.2 Advanced Detection
4.2 User Interface
4.3 Generic Plug-in Actions
4.1.2.1 The Enable Variable URL Detection Option
4.1.2.2 The Look for Text Option
4.1.2.3 The Advanced Button
4.1.3 Restrictions
4.3.1 StandardLogin – Connection
4.4 Special Cases
4.3.1.1 Window Description
4.3.1.2 Specifying Additional Fields (Optional)
4.3.1.3 SSOWatch Behavior
4.3.2 BadPassword
4.3.3 NewPassword
4.3.4 ConfirmPassword
4.3.5 BadNewPassword
5.1 HTML/Internet Explorer Detection
5.2 User Interface
5.3 HTML/Internet Explorer Actions
6 The SAP R/3 Plug-in
6.1 SAPLogin and SAPExpired Window Types
6.2 Basic Principles of the SAP R/3 Plug-in
6.3 Configuration Guide
7 Terminal Type Applications
8 The HLLAPI Plug-in
8.1 Configuring the HLLAPI Plug-in
9 Advanced Configuration
8.1.1 Configuring the HLLAPI Plug-in for a Single Application
8.1.2 Configuring the HLLAPI Plug-in for Different Types of Applications
8.1.3 HLLAPI Plug-in Registry Keys
8.2 Enabling SSO for HLLAPI Applications
8.3 HLLAPI Applications Keys
9.1 Custom Scripts Plug-ins
9.2 Extension DLL
10 OLE/Automation Interface
10.1 Definition of SSOWatch OLE/Automation Interface
10.2 The ISSOEngine Interface
10.3 The ISSOApplication Interface
10.4 Code Example
10.5 Return Codes
Appendix A: Cache Tuning and Asynchronous Update of the Application Data
Appendix B: Integrating Care-FX with SSOWatch
3.6.2.4 "Launcher" Tab
|
• |
Change Icon button The icon associated with the application, which will be displayed in SSOWatch. |
|
• |
Application description for user The application description, which will be displayed in SSOWatch. |
|
• |
Target The command line or URL (for web applications), which opens the application. |
|
• |
Start in folder The directory where the command line should start. |
|
• |
Command line parameters The SSO parameters to be sent to the command line, if necessary. The Insert button insert in the command line the item selected in the list (identifier/password). |
|
• |
Authentication methods required if automatic start is used check box and drop down list Since SSOWatch can launch applications during session opening, this option enables you to control which applications are launched regarding the authentication method used to log on. Select the check box and in the drop down list, select the authentication methods required to launch the applications. |
3.6.2.5 "Parameters" Tab
Parameters Tab of an Application Object (without Controller)
The Parameters tab allows you to add a list of additional authentication parameters (as Windows Domains or Languages for example). These parameters will enable you to define more fields than simply the couple of fields user name/password of the target application authentication window.
|
• |
Add button: click this button to add a parameter. The following window appears: |
 |
The parameter Windows Domain must be used only with Applications that may use Advanced Login. |
|
b) |
|
c) |
|
• |
To define an External Name for a parameter, select the wanted parameter and click External Name. For more information, see Managing External Names section in the current topic. |
|
• |
|
• |
Properties button: Select a parameter then click this button to define the properties of the selected parameter. |
|
a) |
Description: mandatory description of the parameter for a better understanding. |
|
b) |
|
• |
Default: the value of the parameter is collected for each SSO account and can be modified by the user. |
|
• |
Global: the value of the parameter is the same for all SSO accounts and is not proposed to the user. |
|
• |
Rule: the value is dynamically defined as a user data function, and cannot be changed. |
|
c) |
Value: this is the default value assigned to the parameter. If nothing is entered here, it will be requested at first authentication (data collection) as a function of the parameter type defined previously. |
If you have selected Rule in the Parameter type area, between parentheses, get the exact LDAP attribute name (using an LDAP browser) and type it in the Value field. For example, type (mail) to indicate that the parameter value is the user's mail address.
|
|
If you want to add several LDAP attributes, type them one after another, without comma. Example: (mail)(dn).
|
This window appears when you click the External Name button. It allows you to define a mapping between the parameter that you are configuring within Quest ESSO and the name of an external parameter (created using another SSO tool) that must be identified by Quest ESSO.
|
|
The Parameters tab allows you to add a list of additional authentication parameters (as Windows Domains or Languages for example). These parameters will enable you to define more fields than simply the couple of fields name/password of the target application authentication window.
 |
|
|
• |
Add button: click this button to add a parameter: |
|
|
The parameter called Windows Domain (which is created upon the installation of Quest ESSO), must be used only without Controller.
|
|
b) |
To define an External Name for a parameter, select the wanted parameter and click External Name. For more information, see the Managing External Names section in the current topic. |
|
• |
|
• |
Properties button: this button is always disabled. |
3.6.2.6 "Application Profile" Tab
By default, every user is authorized to access the application. The Application Profile tab allows you to define the application profile, with an access right granted to all the users by default.
|
|
To allow the user to dynamically create new accounts from SSOWatch, select User can create additional accounts.
3.6.3 Defining Advanced Access Rights
Enterprise SSO Studio allows you to define advanced management of access rights, as explained in the following procedure.
The SSO setting by population window is only available in Enterprise SSO Studio used without Controller and LDAP storage mode.
|
1. |
In the Enterprise SSO Studio main window, right-click the application for which you want to define advanced access permissions and click SSO Settings by population. |
|
2. |
The SSO settings by population window allows you to define the population (user, organizational group or units) that you want to access the application. It is necessary to assign an application profile to each one.
|
1. |
|
2. |