1.3 Additional Information

1.3.1 Enforcing Users to Change Passwords Before the Grace Login Expires

SecureLogin allows administrators to enforce users to change their password before the grace login expires.

For example, SecureLogin is installed in the LDAP mode with eDirectory. When the password expires, the authentication process consumes all the grace logins and users cannot log in. To avoid this, create the following registry keys:

  • GraceDaysBeforePasswordExpire registry of DWORD value. This displays a warning message to the users about the number of days remaining for password expiry.

  • DaysForcePasswordChange of DWORD value. This forces the users to change their passwords. Although the grace login available, this forces the users to change their password before the grace login expires.

For example, if the password policy is set to change every 90 days, the GraceDaysBeforePasswordExpire can be set to 5 and DaysForcePasswordChange can be set to 3. On the day 85 when users logs in, a message indicating the number of days left before password expiry appears. Users can choose to change the password immediately or change it later.

Similarly, when a users logs in on day 87 another message appears that forces the users to change the password. They cannot continue without changing the password.

NOTE:It is recommended to keep the grace login value greater than 2 as SecureLogin utilizes one grace login count for every connection with the directory.

1.3.2 Support for Oracle Forms

SecureLogin supports single sign-on to Oracle Forms that uses Java 1.7 or 1.8. If any of these Java components is added in the machine after installing (or upgrading to) SecureLogin, you need to enable SecureLogin to use the newly added Java component. To enable support to the new Java component, run the repair option of the SecureLogin installer.

1.3.3 Notifications for Single Sign-On Applications

When you launch any application that is available for single sign-on, SecureLogin displays a notification in the system tray indicating that the application can be selected for single sign-on. If you do not want to single sign-on to an application when it is launched then, you can ignore the notification and proceed. When you ignore the notification, the color of the icon changes from blue to orange indicating that web pages are available for single sign-on. You can view the list of web pages by clicking the icon on the system tray and selecting the application to single sign-on.

1.3.4 Indication for an Active SecureLogin User

You can identify the active SecureLogin user with the help of the visual cue in the task bar. This visual cue displays the details of the active user such as First name, Last name, Full name, Distinguished name, or Default name based on the preference settings. To modify these preferences, see Display user name on task bar. These preferences are refreshed every 30 seconds by default. You can also modify the refresh time interval by modifying the value of the registry key UserbarRefreshInterval.

In addition, you can add prefix to the user name displayed in the task bar. To add prefix, you must set the prefix text as a value for the registry key UserbarPrefix. These registry settings are available at HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin.

SecureLogin does not display the logged in user name by default in the task bar. For user name to be displayed in the task bar, you must right-click the SecureLogin icon on the notification area (system tray) and select Show User bar or you can right-click the task bar and select Toolbars > SecureLogin SSO User.

1.3.5 Keyboard Shortcuts

You can use the keyboard shortcuts to navigate to the required options.

Key combination

Result

Ctrl+Shift+A

Launches the New Application window.

Ctrl+L

Launches the Create Login window.

Ctrl+P

Launches the New password policy window

Delete

Deletes the selected application, login, and password policy.