Novell SecureLogin uses the directory structure and administrative tools for centralized management and deployment of user configuration. In Active Directory, Novell SecureLogin installs an additional tab to the dialog box. This dialog box provides Novell SecureLogin administrative functionality in the same utility you currently use to manage your Active Directory users.
Configuring a user’s Novell SecureLogin environment includes:
Creating password policies (optional).
Enabling single sign-on to applications.
Creating passphrase questions for selection (optional).
NOTE: We recommend that you configure Novell SecureLogin on a test user account before deploying.
The following table shows the options available for deploying and distributing user configuration:
Table 5-1 Deploying and Distribution Options
User Configuration Options
Copies Novell SecureLogin configuration from one object in the same directory to another object
Export and import: Distributes the configuration by using an XML file.
Directory object inheritance: Inherits the configuration from a higher level directory object, such as a Group policy.
Corporate Configuration redirection: Specifies a directory object from which the configuration is inherited.
It is recommended that you use industry standard application distribution packages such as Microsoft IntelliMirror, System Management Server, or Novell ZENWorks® to deploy and manage Novell SecureLogin across large enterprises.
Novell SecureLogin can be installed and configured, and features can be added and removed, by using Microsoft Windows Installer command-line options and parameters typed at the command line or provided through a batch file.
Before installing Novell SecureLogin, ensure that the LDAP certificate file is saved in the default certificate location of the LDAP log, for example, securelogin\rootcert.der.
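A pre-installation check for the two points above, as an added example that is not part of the original documentation: it confirms that the LDAP certificate file is present and within its validity period, compares the package against a hash obtained out of band, and then starts Windows Installer with a verbose log. The parameter names, the log path, and the hash check are assumptions made for this example; only the standard msiexec options /i and /l*v are used, so the installation pages are still answered interactively.

```powershell
# Added example: pre-flight checks, then an interactive install with a verbose MSI log.
# Parameter names and the default log path are assumptions, not product settings.
param(
    [Parameter(Mandatory)] [string] $MsiPath,         # path to the Novell SecureLogin.msi package
    [Parameter(Mandatory)] [string] $RootCertPath,    # for example ...\securelogin\rootcert.der
    [Parameter(Mandatory)] [string] $ExpectedSha256,  # hash obtained out of band (placeholder)
    [string] $LogPath = "$env:TEMP\securelogin-install.log"
)
$ErrorActionPreference = 'Stop'

# 1. The installer must be run from an administrator session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) session.'
}

# 2. The LDAP certificate must exist, parse as X.509, and be within its validity period.
if (-not (Test-Path -LiteralPath $RootCertPath -PathType Leaf)) {
    throw "LDAP certificate not found: $RootCertPath"
}
$cert = [Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $RootCertPath).ProviderPath)
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "LDAP certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}
Write-Host "LDAP certificate: $($cert.Subject), thumbprint $($cert.Thumbprint)"

# 3. The package must match the expected hash (-ne compares case-insensitively).
$actual = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "Package hash mismatch: got $actual"
}

# 4. Start Windows Installer with verbose logging and wait for it to finish.
$msi  = (Resolve-Path -LiteralPath $MsiPath).ProviderPath
$proc = Start-Process -FilePath msiexec.exe -Wait -PassThru -ArgumentList @(
    '/i', "`"$msi`"", '/l*v', "`"$LogPath`"")
switch ($proc.ExitCode) {
    0       { Write-Host 'Installation completed.' }
    3010    { Write-Host 'Installation completed; a restart is required.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
}
```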
The procedure explained here applies to manual installation, and is also applicable to installing on a small number of workstations and laptop computers.
Log in to the workstation as an administrator.
Run the Novell SecureLogin.msi.
The Welcome page is displayed.
Click. The License agreement page is displayed.
Read the license agreement. Selectif you want to proceed with the execution of the license agreement. If you do not want to proceed with the execution of the license agreement, click to quit the setup.
Click. The program location folder is displayed. The default location for Novell SecureLogin is ..\Program Files\SecureLogin\. If you want to change the location, click and select an alternative location for Novell SecureLogin on the drive.
Click. The installation environment page is displayed.
IMPORTANT: No additional installation or configuration is required when running Microsoft Active Directory in LDAP mode. The only variation is in selecting the installation environment. You select theinstead of the .
Click. The smart card support page is displayed.
The ActivClient card settings are used if they are detected.
NOTE: This option is based on whether you want to have Novell SecureLogin users use their smart card to store single sign-on data to encrypt the users’ directory data by using a Public Key Infrastructure (PKI) token.
If you are not usingoption, or you want to change the smart card or cryptographic token, select option. This is the recommended option.
From thedrop-down list, select the appropriate cryptographic service provider.
Browse to locate and select the appropriate .dll) file.link (
Manually configuring the third-party smart card PKCS#11 link library assumes a high level of understanding of the cryptographic service provider’s product. Hence, we recommend that you use the ActivClient smart card support.
Click. The installation features page is displayed.
We recommend you to select theoption. However, depending on your enterprise’s operating environment, you can opt to have Novell SecureLogin start at Windows startup or at user login.
The Directory administration tools are provided for corporate environments to manage users centrally at the directory. In the LDAP mode, Novell SecureLogin installs the Administrative Management utility.
If applicable, select.
Click. The cache location folder page is displayed.
IMPORTANT: Consider the following information before changing the cache location:
The user's application data folder is the Triple DES or optionally AES encrypted repository for all Novell SecureLogin user data, which includes credentials, preferences, password policies, preconfigured applications, and application definitions.
By default, Novell SecureLogin data is stored in both your organization's corporate directory and in the SecureLogin offline cache on your workstation's hard drive. The data in the directory and the local cache are synchronized to ensure user data is always current.
When the smart card is used to store application credentials, the credentials are stored on the smart card and directory only. The cache and directory contain the application definitions, policies, and settings for single sign-on.
If smart cards are not used in the LDAP implementation, you can turn off the cache using an administrative preference so that the users access their single sign-on data from the directory only. This option has an impact on system performance.
If you want to change the location of the cache folder, select and locate an alternative folder.
Click. The Ready to install the program page is displayed.
Click. The installation process takes a few minutes. A confirmation message appears after the installation is complete.
If you are prompted for a restart, click Yes. The computer is automatically restarted.
A SecureLogin passphrase is a question and response combination used as an alternative form of identity verification. Passphrase functionality protects SecureLogin credentials from unauthorized access and enables users to access SecureLogin in offline mode. Passphrases can also be used as a substitute authentication mode if, for example, a user forgets his or her password. Depending on your preferences, SecureLogin passphrase questions can be generated by the administrator and/or the user.
During installation, the passphrase security is enabled to enforce passphrase setup during the initial login. You can disable the passphrase policy by deselectingoption in the pane of the Administrative Management utility.
If a passphrase has previously been configured, this dialog box does not display and the installation is complete.
On initial login to SecureLogin all users are requested to save a passphrase response. It is important that this response is easy to recall because it cannot be viewed by anyone.
WARNING: Remember the passphrase answer. If you forget the answer, it cannot be accessed.
As administrator, and therefore first user of SecureLogin, you must create a passphrase question for yourself.
After installing Novell SecureLogin successfully, when you attempt to log in to the workstation, you are prompted to set your passphrase question and answer.
Specify a question in thefield.
Specify an answer in thefield.
Specify the answer again in thefield.
Click. Your passphrase is saved and SecureLogin is installed on the administration workstation.
NOTE: When you upgrade, SecureLogin stores all user data, including the user’s passphrase question and response, from the previous version, so you do not need to re-create the passphrase.
You can create passphrase questions for users to select from in a directory environment; however, because you are the first SecureLogin user, you must create your own passphrase question.
Installing Novell SecureLogin for mobile and remote users uses the same procedure as Section 5.4.2, Installing On a User Workstation.
However, it is important to ensure that the cache is saved locally, or users cannot access applications when they are disconnected from the network. Thesetting in the option is set to by default. You can set this at either the Organization Unit level or on a per-user basis.
Enterprises often create roaming profiles for specific groups of users, defined by their organizational role or function. For example, field engineers connecting from remote locations or accounting staff working at different locations setting the path to the target user’s profile path.
For more information on creating roaming profiles in an Active Directory environment, see the Microsoft Support Web site.
NOTE: During loading, Novell SecureLogin loads the user’s profile, effectively locking that profile and preventing the user’s credential data from being copied to their roaming profile.
To prevent Novell SecureLogin from causing problems with existing user roaming profiles, you must manually force Novell SecureLogin not to encrypt the user’s credential data by using Microsoft’s Data Protection API (DPAPI).
Configuring Novell SecureLogin for use with roaming profiles requires additional support for a successful deployment. Contact Novell Support for assistance.