The first time a user logs in after creating an application definition and activating it for single sign-on, the user is prompted to provide credentials in a SecureLogin dialog box. SecureLogin then stores and associates these credentials with the application definition and uses it in subsequent logins.
Because individual application requirements determine the credentials that users must enter when manually logging in, only those credentials are stored and remembered by SecureLogin. For example, if users have an application that only requires username and password, SecureLogin encrypts and stores the username and password for subsequent logins. Alternatively, some applications require the user to enter domain and database names, IP addresses, and select various options on Web pages. SecureLogin can handle all these on behalf of the user.
You can display and manage these credentials in the Logins page of the Administrative Management utility and the My Logins pane of the SecureLogin Client Utility.
Credentials stored in a directory environment apply to all associated objects. For example, if users access an application located on a specific domain, and they are required to manually select or provide the domain address, then the domain must be configured as a credential in the Logins pane at the organizational unit level. Thereby, users need not manually provide the domain location when they log in. You can then change the domain at any time without notifying users.
Application credentials such as e-mail, finance system, human resource system, and travel system are typically stored for user objects and apply only to (and can be used by) the particular user. For example, John’s application credentials are encrypted and stored against John’s user object and only available to him. When he starts an application, SecureLogin retrieves, decrypts, and enters the credentials on behalf of John.