6.1 About Credentials

After you have created an application definition and activated it for single sign-on, the first time a user logs in, the user is prompted to provide credentials in a SecureLogin dialog box. SecureLogin then stores and associates these credentials with the application definition and uses it in subsequent logins.

You can display and manage these credentials in the Logins page of the Administrative Management utility and the My Logins pane of the Personal Management utility.

Because individual application requirements determine the credentials that users must enter when manually logging in, only those credentials are stored and remembered by SecureLogin. For example, if users have an application that only requires username and password, SecureLogin encrypts and stores the username and password for subsequent logins. Alternatively, some applications require the user to enter domain and database names, IP addresses, and select various options on Web pages. SecureLogin can handle all these on behalf of the user.

Credentials stored in a directory environment apply to all associated objects. For example, if users access an application located on a specific domain, and they are required to manually select or provide the domain address, then you can configure the domain as a credential in the Logins pane at the organizational unit level. This removes the requirement for users to manually provide the domain location when they log in. You can then change the domain at any time without notifying users.

Application credentials such as e-mail, finance system, human resource system, and the travel system are typically stored for user objects and apply only to (and can be used by) the particular user. For example, John’s application credentials are encrypted and stored against John’s user object and only available to him. When he starts an application, SecureLogin retrieves, decrypts, and enters the credentials on behalf of John.