You can place an nssoSingleSignon container object anywhere in the Novell Directory Services® (NDS®) tree except at the [Root]. Ideally, the nssoSingleSignon container object should be located at or above the context of the users it is intended to affect. Default search behavior is used to locate the Single Sign-on object in the user's context or higher in the tree. Settings that you make to the Single Sign-on object apply to all users in or below the context where the object is located.
For example, you want to administer Novell Single Sign-on for the username CN=Pat.OU=Sales.O=Acme. You place the nssoSingleSignon object in the NDS tree in the Sales or Acme container objects. Placing it in the Sales Organizational Unit container object affects all users in Sales. Placing it within the Acme Organization object affects users in Sales (unless an nssoSingleSignon object also existed there).
Typically, you have just one nssoSingleSignon object in a container. However, you can customize settings for groups of users by creating and assigning additional nssoSingleSignon objects.
When using v-GO* for Novell Single Sign-on, all Novell Single Sign-on users gain access to v-GO for Novell Single Sign-on. Therefore, these users must be licensed. If you intend that only certain users use the full v-GO product, you must locate Novell Single Sign-on users and v-GO for Novell Single Sign-on users in separate containers.