Option name |
Description |
Use password control policy specified here |
Select this check box to select a PFCP for the security profile. If you do not select any PFCP, the application PFCP is used by default. If the check box is selected, the default PFCP is always selected. Click the button to select another one. Note: click the button to display and if necessary modify the PFCP, as described in Section Managing Password Format Control Policies. |
Password generation policy |
The default PGP is selected by default. Click the button to select another one. Note: click the button to display and if necessary modify the PGP, as described in Section Creating/Modifying Password Generation Policies. |
User must re-authenticate to perform SSO |
Select this check box if the applications associated with the security profile need a user's primary authentication to start. |
Launch application at start-up of Enterprise SSO |
Select this check box to start the application associated with the security profile when Enterprise SSO starts. The settings for application execution are therefore set at the SSO Studio level. |
Show application on user's Enterprise SSO desktop |
Select this check box to display the SSO data of the applications associated with the security profile on the account list. |
When application is used, set user's 'unlocking level' to |
If you want to use a different user level than the one specified in the user security profile (see Section Unlocking Tab (Fast User Switching - FUS)), select this check box and define the new level of the user for the applications associated with this security profile. |
Allow the user to test the application with Enterprise SSO |
Select this check box to enable the Test application command in Enterprise SSO when the user right-clicks applications associated with the security profile. |
Option name |
Description |
Credential storage |
Set the storage location of the user accounts used by the applications associated with the security profile. IMPORTANT: if you select Store on token, check that the proper authentication method is provided and selected. For more information, see Section Authentication method Tab. |
Password change at first connection |
Select this check box to make the password expire immediately after being collected. The password is then changed according to the password policy (see Section Configuring the Password Generation Policy). |
User can modify account |
Select this check box to allow users to change their passwords using Enterprise SSO. This option ensures that SSO data is always managed centrally. |
User can display password |
Select this check box to allow users to display their passwords using Enterprise SSO. |
Encrypt by |
The drop-down list allows you to select the way the secondary accounts used by the applications associated with the security profile are ciphered and deciphered:
User: only the user can decipher his/her secondary accounts. This is the most secure option. IMPORTANT: If the user forgets his/her primary password or loses his/her smart card, it is impossible to recover his/her secondary accounts.
User and administrators: you can decipher the user secondary accounts, in the same way as the user can. Thus, if you force a new primary password or assign a new smart card using the console, the user's secondary accounts are recovered.
User, administrators and external key: select this option to allow an external application to decipher the user secondary accounts using a public key. For example, you must select this option if you want to use EAM with Web Access Manager (WAM). This option enables WAM to decipher the EAM secondary accounts of the user so that WAM can perform SSO with these accounts. For more details, see Mobile E-SSO Installation and Configuration Guide. |
User can reveal password history |
This check box is only available if the User can display password check box is selected. Select this check box to allow users to see the list of passwords that have already been used for an application (in Enterprise SSO). |
User can cancel Single Sign-On |
If this option is cleared, the user cannot cancel the SSO execution when he/she starts an application associated with the security profile:
If the user starts an application for the first time, he must complete the authentication data collection dialog box.
If the user has several accounts for an application, he must select an account in the account selection dialog box (the Cancel button is unavailable).
Note: if a problem occurs (for example, if the authentication data cannot be saved due to network issues), the Cancel button is available again to allow the user to log on manually or to quit the application.
Select this option to allow users to temporarily cancel the SSO execution for applications associated with the security profile, then select in the drop-down list the scope of this option:
For the current session only:
For the application (until reset):
For the current window only: |
Integration with Identity & Access Manager |
This drop-down list allows you to define the way Enterprise SSO behaves when it collects the security data of an application for which there is no account for the user. IMPORTANT: this drop-down list appears only if the URL field of the Configuration window (File\Configuration\Options) is filled in:
The Account is collected by EAM: The user can request an access: The user must request an access: |
This tab allows you to:
|
IMPORTANT:
|
This tab allows you to define delegation permissions. These permissions authorize users to delegate their SSO account so that it can be used by other users.
The SSO account can be delegated to the following user selection.
|
NOTE: A user can delegate his/her SSO account from Enterprise SSO. For more details, see Enterprise SSO Administrator's Guide. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED.