Managing User IDs

After an application is enabled for single sign-on, SecureLogin prompts the user to enter login credentials in a SecureLogin dialog box. SecureLogin then stores these credentials, associating them with the relevant application script for use in subsequent logins. These credentials are displayed and managed in the User IDs page.

A user ID consists of whatever is required of a user to authenticate to a network or directory. For example, authentication to a Windows application might require a domain name, password, or PIN. Authentication to a Web application might require an IP address.

Credentials are linked to an application and can be stored at any object level. Credentials stored at the container or OU level apply to all users in that container or OU. For example, if everyone in the RDev department accesses an application on a specific domain, you can preset the domain in the User ID page. Users then don't have to enter the domain manually. Also, you can change the domain name at any time without any affect to users.

Another example is a Web-based application that all users in an organization access by using the same username and password. If you set the password and username credentials for the application at the container or OU level, the username and password are preset for all users in that container or OU.

User IDs are especially useful when two or more applications can use the same credentials.

Scenario: Sharing a User ID. On the Applications page, you added GroupWise.exe, a Windows application. You also added gmail.digitalairlines.com, a Web application. At the ID page, you create a user ID named GroupWise. You link both applications to this user ID. Authorized users can now use single sign-on to access GroupWise® from a Windows environment (grpwise.exe) or a Web environment (http://gmail.digitalairlines.com).

If you change the password for one application, SecureLogin updates the password in one location. All applications that use that password automatically get the update.

You use the user ID feature to do the following:

You manage user IDs by using the SecureLogin snap-in to ConsoleOne, Active Directory Users and Computers in MMC, SecureLogin Manager, or the SecureLogin workstation client.


Creating User IDs


Adding a Description to the User ID Tab

  1. Click User IDs > New.


    The dialog box to add a new user ID

  2. Type a descriptive name (for example, DeskUp) in the New User ID dialog box, then click OK.


    The dialog box to describe a user ID


Adding a Username Variable and Value

A username variable displays the name that a user ID is associated with.

  1. (Conditional) To add a username variable to an existing user ID, click the user ID, then click Edit.

    For example, click DeskUp in the Description column. As the following figure illustrates, the User ID dialog box appears for the application. If you are adding a new user ID, this dialog box appears as soon as you have created the user ID.

    This dialog box is used to manage the variables (for example, username and password) associated with a login.


    The dialog box to add or edit variables

  2. Click New, type a name (for example, Username) for the new variable, then click OK.


    The dialog box for naming a variable

  3. Type a value (for example, hdubois) for the new variable, then click OK.


    The dialog box for entering a value for a variable


Adding a Password Variable and Value

After you enter a variable and value for a user ID, you return to the User ID application name dialog box. You can then add other variables and values if you want to.

  1. Click New.


    The dialog box to add or edit a variable

  2. In the New Variable dialog box, type Password, then click OK.


    The New Variable dialog box

  3. Type and confirm the new password, then click OK.


    The dialog box to add a password

    If you are using the properties of your own User object, the user ID values are saved to the local cache and a directory cache.

    The following figure illustrates a completed user ID, with the Username and Password variables along with accompanying values for each:


    The dialog box to add or edit variables

  4. (Optional) Link the user ID to an application by clicking Add, selecting the application, then clicking OK.


    Available applications listed in the Description pane

    You can link a user ID to one or more applications. Applications that are linked with the same user ID share the same login data. If you change a password for an application, that change is stored in one place. All linked applications then use the updated data for single sign-on logins.

    A down-arrow on the left side of the icon Application icon with a down-arrow indicates that the ID is inherited.

  5. Save the user ID by clicking OK, then save the data by clicking Apply or OK.

    The following figure illustrates the new user ID:


    The User ID tab, listing user IDs


Editing User IDs

You can change any variable, regardless of how it is named. Those variables that contain "password" in the name (or key) use the password change dialog box. Change all other variables by using the regular edit-variable dialog box.


Changing a Password

  1. Click the user ID, then click Edit.

  2. Click the Password line, then click Edit.

  3. Enter and confirm the new password, then save changes.


Changing Other Variable Names

  1. Click the user ID, then click Edit.

  2. Click the variable (for example, Username) line, then click Edit.

  3. Type a name, then click OK.

  4. Save the changes.


Deleting User IDs

  1. Click a user ID, then click Delete.

    You can't delete an inherited user ID or a default user ID. The default user ID is the first one that is associated with an application.

  2. Save the data by clicking OK or Apply.


Setting Up Multiple IDs for an Application

You can create additional logins to an application or server. SecureLogin manages multiple logins by providing a list when you launch the application.

Scenario: Multiple Identities. Occasionally, Henri must access deskup.exe as user Admin to change data. Usually, Henri accesses the application as user Henri to view data. Therefore, Henri's job responsibilities require that he have two identities for the application deskup.exe. Henri sets up an ID for each role. To log in to deskup.exe, Henri selects from a list of IDs, according to his role.


Using the New Login Wizard to Create IDs

To use SecureLogin on the desktop to set up multiple IDs for an application:

  1. Right-click the SecureLogin icon on the task bar (system tray), then click New Login Wizard.


    The New Login Wizard option on the SecureLogin menu

    The Wizard is self-documenting. It provides information that helps you complete the remaining steps.

  2. Select the application that requires a new login, then click Next.

  3. Type a distinguishing description for the new login, then click Finish.

  4. When you next run the application, select the new description, then provide login credentials.


Using Network Management Tools to Create IDs

The following steps apply to ConsoleOne, MMC, or SecureLogin Manager:

  1. (Conditional) Create a user ID for an application.

    If a user ID already exists for the application that you need multiple IDs for, skip this step.

    The application can be a Windows, Web, or other application. The application has a username and password.

  2. Click Applications, select the application that you want to create the multiple user ID for, then click Edit.


    The Applications tab

  3. In the User IDs dialog box, click New.


    The User IDs dialog box

  4. Type a description for the multiple-ID login that you are creating, then click OK.


    The Description text box in the New User ID dialog box

  5. Select the new entry in the Description column, click Edit, create variables and values for the new user ID, then save changes.


    The dialog box to enter variables and values

  6. For subsequent logins to the application, select the user ID that you need.

    As the following figure illustrates, a list displays each user ID that you have created. The default option is for the first login that was created.


    A list of logins for an ID

    Each user ID has a separate set of variables. The script for the login could use two variables (for example, a username and password) or more than two. Also, the variables might be named something other than Username and Password.