BIIM Support     Overview Installation Using the BIIM MFA Authentication - TPM - Biometrics - SmartCards / Tokens Windows Client Logon Single Sign On Secure eWallet Document Manager Managing My Identity BioCert BIIM Settings AD & LDAP Integration

BioCert® Intelligent Identity Manager Support

Single Sign On

BioCert® Intelligent Identity Manager Single Sign On (SSO) stores user names and passwords for multiple applications and automatically enters logon credentials when a registered application is accessed. With SSO a user no longer has to memorize a growing number of passwords for Internet and Windows applications.

BioCert® Identity SSO is designed to be secure and easy to use. Automatic application registration, wizards, and predefined applications make it easy to record new applications and credentials. Learning to use SSO is very simple because SSO will automatically memorize the credentials entered for an application without any additional steps required by the user.

The following topics are available to familiarize users with important BioCert® Single Sign On features:

SSO Overview

BioCert® Intelligent Identity Manager Single Sign On enhances user computing experience by reducing number of passwords that the user must remember. Single Sign On is based on adaptive learning technology that automatically detects applications requesting user logon and records of usernames and passwords as the user types in logon credentials.

Security and privacy is an important feature of BioCert® Single Sign On. All credentials are encrypted and are available only after successful logon to BioCert® Identity.

BioCert® Identity also includes an additional convenience feature - rapid application launch. All registered applications can be launched directly from the BioCert® Identity icon or management console. An advanced user can customize all steps of application logon by modifying logon scripts and tuning logon configuration parameters.

You can access SSO functionality after logon to BioCert® Identity using any of the following places:

• SSO is automatically activated when it detects an application screen that is requesting user logon.
• Accessing SSO management components and rapid application launch functionality is available by logging on to BioCert® Identity, selecting Services and Applications and then selecting Single Sign On.
• SSO management components and rapid application launch functionality can be accessed by right-clicking the BioCert® Identity icon in the taskbar notification area.

Automatic Application Registration

How to register

To achieve automatic registration of a Web site or application:

1. When a logon dialog (containing a password field) is detected, SSO automatically prompts the user to memorize the user name and password associated with an application. A notification icon is displayed automatically on the upper-right corner of the application indicating that SSO is ready to record the user’s credentials. 
2. Submit the required user credentials to the application.
3. A confirmation dialog box is displayed, prompting to confirm the recording of the credentials and allowing the user to change the display name for the credentials set. SSO stores the credentials in a separate list so that applications with the same user name and password can share the same credentials set.
   Note
   Using the SSO confirmation dialog box, you may also customize some options for the registered SSO application. The list of SSO application related options is displayed when you click More.
4. Select Yes to complete the registration process and save the submitted credentials.

How to use

To use automatic submission of credentials, simply access the Web site or application for which the user credentials were previously recorded. When the system detects the application, the user credentials are submitted automatically.

Managing SSO Applications

BioCert® Identity allows the user to manage (that is, add, remove, and modify) registered SSO applications as well as the account credentials assigned to SSO applications.

To manage SSO applications:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials. The BioCert® Single Sign On dialog box is displayed.
3. To modify or remove a previously registered Web site or application, select the desired record in the list.
4. Select Remove to delete the selected application from the list. You will not be able to use SSO functionality for the deleted application until you register the application again.
5. To modify settings of the previously registered Web site or application, click Properties. The application Properties dialog box is displayed.
   • The General tab contains several settings describing the behavior of the system when you access the application.
   • The Script tab allows you to modify the application’s script either manually (in the script editor window) or by using the mouse cursor as described in Manual Application Registration
6. Click More to add, export, or import an SSO application or to manage account credentials for the selected SSO application.
   Note
   Only the SSO application script is being exported or imported. All SSO credentials are safely stored within the User Identity.
7. Select Register New Application to launch the SSO Application Wizard. To add an application manually, follow steps as described in Manual Application Registration.

Managing SSO Credentials

BioCert® Identity allows management, such as adding, removing, and modifying registered SSO credentials assigned to the registered SSO applications. Multiple credential sets can be used with a registered application, allowing the user to automate logon to multiple accounts.

To manage SSO credentials:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials. The BioCert® Single Sign On dialog box is displayed.
3. Select the desired SSO application to manage credentials.
4. Click More or select the value located in the Account column. Depending on the place where you started managing the SSO credentials, the following menu option is available:
   • Add New Credentials / Add New - Adds a new SSO credentials record for the selected SSO application.
   • Edit Credentials / Properties - Modifies the selected SSO credentials record.
   • Delete Credentials / Delete - Deletes the selected SSO credentials record.
   • Delete Unused Credentials / Delete Unused - Deletes all SSO credentials that are not added to any SSO application.
5. If you have registered more than one SSO credentials record for the selected SSO application, you can switch between SSO credentials records using the pop-up menu at the Account column.

Note
To allow use of multiple credential sets for Web sites or applications, you need to enable the SSO confirmation dialog. To set this setting, select the SSO application and check the box Confirm. When accessing the application, a confirmation dialog box is displayed. Select the desired set of credentials to log on to the application.

Manual Application Registration

To manually register an application for SSO usage:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Register New Application. The SSO Application Wizard is displayed.
3. From the drop-down list, select the type of activity you want to automate. In the most cases, Logon dialog selection is appropriate.
4. To register a new SSO application, run the desired desktop or Web application and navigate to its logon dialog box or Web page. The logon dialog box or Web page usually has a protected (password) field.
5. Switch back to the SSO Registration Wizard.
6. Using the mouse, select and drag the icon with the finger until it is positioned over the desired application window. Release the mouse when the window (or part of window) that you want to automate is highlighted.
7. When the mouse button is released, the SSO Registration Wizard pops up again to request the general application information. Type the desired information, and then click Finish to complete the registration.
8. When the SSO Application Wizard is closed, the system brings you back to the logon screen being automated. Type the desired credentials in the logon fields (such as user name and password), and then select the button that submits the typed credentials.
9. The system asks you to confirm the typed credentials to be stored for future use. Confirm or modify the credentials name, and then select Yes to complete the credentials registration.

Single Sign On Settings

Single Sign On functionality is governed by three major groups of settings:

• SSO service settings
• SSO settings for the current user
• SSO settings for the selected SSO application configured by the current user

Configuring SSO service settings

The following groups of Single Sign On service settings may be specified:

• General settings - Enable or disable the automatic detection of logon dialogs, validating user before making changes, and showing all available SSO shortcuts.
• Permission settings - Allow or deny the ability to manage applications and credentials, customize predefined applications, register new SSO applications, and view passwords.

To configure SSO service settings:

1. In BioCert® Identity, select Settings.
2. Select Services and Applications tab.
3. In Select category drop-down list, select the user category to which the settings to be configured.
4. In the service list, select Single Sign On, and then click Properties. The Single Sign On Service dialog box is displayed.
5. Configure the desired general settings and permissions, and then click OK to save the changes.

Configuring SSO settings for the current user

To adjust SSO settings for the current user:

1. In BioCert® Identity, select Settings.
2. Select Single Sign On tab.
3. Configure the desired settings, and then click OK to save the changes.

Refer to Single Sign On settings to learn more about SSO settings configured on the user level.

Configuring SSO settings for the selected SSO application for the current user

When BioCert® Identity is ready to record the submitted credentials for the SSO application, it prompts for user confirmation. Choose from the following options for this SSO application:

• Do not suggest to use SSO with this site or application - Allows the user to use or not to use SSO functionality for the selected application independently from other applications.
• Fill in credentials only, do not submit - Allows the user to submit or not the credentials manually after they are automatically filled in.
• Ask confirmation before submitting credentials - Toggles a confirmation dialog box. This setting is useful when user has multiple credential sets for the SSO application.

Single Sign On Troubleshooting

Web site or application requires additional information

This situation frequently happens on the Web sites that protect themselves from Denial of Service Attacks by requiring the user to type in a random number or text presented on the dialog box. When registering this Web site or application, select Fill in credentials but do not submit option available in the BioCert® Single Sign On confirmation dialog box. BioCert® Identity SSO will only fill recorded credentials and let the user fill the rest of information and log on to the automated application.

You may also disable the automatic submission of account credentials for the Web site or application, if it was already registered:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials. The BioCert® Single Sign On dialog box is displayed.
3. Select the desired SSO application, and then click Properties.
4. In application Properties dialog box General tab, select Fill in credentials but do not submit, and click OK.

How to exclude the selected Web site or application from SSO

You may want to exclude some of the Web sites or applications from the list of applications automated by BioCert® Identity SSO.

When registering this Web site or application:

1. In BioCert® Single Sign On confirmation dialog box, click More.
2. Select Do not use SSO with this site or application.

You may also exclude the Web site or application from SSO, if it was already registered:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials.
3. Select the desired SSO application, and then click Properties.
4. In application Properties dialog box General tab, select Do not use SSO with this site or application.

Use of multiple user accounts for a Web site or application

If you have multiple user accounts for Web sites or applications, you can request BioCert® Identity SSO to confirm which logon account to use in the current session.

To turn on confirmation functionality for Web site or application:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials.
3. Select the desired SSO application, click Properties.
4. In application Properties dialog box General tab, select Prompt to select account for this application.

   Note
   You may also manage the confirmation functionality directly from SSO applications list by using the Prompt check box.

If confirmation functionality is turned on, the BioCert® Identity prompts you to confirm the account being used for the logon to SSO application. In the confirmation dialog box, you are able to select the desired account from drop-down list.

Web site or application automatically logs user back on after logoff

To fix this problem, you can require manual logon confirmation for the Web site or application.

To turn on confirmation functionality for Web site or application:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials.
3. Select the desired SSO application, click Properties.
4. In application Properties dialog box General tab, check the option Prompt to select account for this application.

   Note
   You may also manage the confirmation functionality directly from SSO applications list by using the Confirm check box.

Web site or application gets into endless logon loop because of the wrong password

To fix this problem, you can either direct BioCert® Identity SSO to fill in the credentials but not to perform logon, or correct the password for the SSO account.

To disable the automatic submission of account credentials for the Web site or application:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials.
3. Select the desired SSO application, click Properties.
4. In application Properties dialog box General tab, check the option Fill in credentials but do not submit.

To change a password for a SSO account:

1. In BioCert® Identity, select Services and Applications.
2. In Single Sign On, select Manage Applications & Credentials.
3. Select the desired SSO application, click More.
4. In popup menu, select Edit Credentials. Account credentials Properties dialog box is displayed.
5. Type the correct password in Password field, click OK.

Web site or application is not recognized by Single Sign On

Some Web sites and applications may not support SSO automatic registration. Try to use BioCert® Identity SSO in manual mode to register such Web sites or applications.

Note
If manual registration does not succeed, look for BioCert® Identity updates. Each new BioCert® Identity release provides expanding coverage of supported SSO applications.