The information provided in this section describes the user experience in environments where the passphrase security system has been enabled and disabled.
When the passphrase security system is disabled in an environment where it was previously enabled, the following message appears to users the next time they log in.
If the user clicks OK, the disabling of the passphrase security system is approved and the user is prompted for the current password. The approval is complete when the user provides the password.
If the user click Cancel, the passphrase security system disabling is delayed and the user is prompted with the message until he or she clicks OK to approve the change.
NOTE:Users must answer the passphrase answer to prevent the administrators to toggle this preference and allow an unauthorized user access SecureLogin.
If the passphrase security system is re-enabled, the Passphrase Setup dialog box is displayed (similar to when a user logs in for the first time after installing SecureLogin.)
If the user clicks OK, the user resets the passphrase question and answer.
If the user clicks Cancel, there is a delay in enabling the passphrases for the user’s workstation. The user is prompted at subsequent log ins until he or she specifies a passphrase question and answer.
If you reset the user’s password when the passphrase security system is disabled:
In an LDAP-compatible and eDirectory (with SecretStore) modes, you cannot move the user object to another organizational unit until that user has logged in to SecureLogin on his or her workstation. You must move the object back to its previous location to enable the user to run SecureLogin.
In an Active Directory mode, you can move the user object within the directory. If the user object is moved, you must move the object back to its previous location to enable the user to run SecureLogin.
If a user forgets SecureLogin data, including his or her passphrase or passphrase answer, you must delete the user’s existing SecureLogin datastore.
After the datastore is deleted, the user’s corporate applications, credentials, preferences, and user policies are permanently removed. You must then reset the user’s corporate password before he or she can log in and reconfigure the applications by using SecureLogin.
The next time SecureLogin starts, he or she must manually log in. SecureLogin then detects that a passphrase is not set and prompts the user to set up the passphrase before continuing. You can create a list of predefined list of passphrases questions.
After the user has set a new passphrase, he or she must re-enter the application user names and passwords. If it is not done, an unauthorized could breach security by clearing the passphrase, entering a new passphrase, and accessing the actual user’s credentials.
You might need to reset the user’s application passwords as they might have forgotten them.