Set preferences for managing SecureLogin in the Administration Management utility:
Launch the Administrative Management utility (SLManager or MMC snap-ins).
Click Preferences.
Make the changes as required and click OK.
Use the information in the following tables while making the changes:
Table 3-1 .Net Preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
Add application prompts for WindowsAutomation (DotNet) applications |
Yes/No/Default |
This preference prompts to add a .Net application for defining the application definition. If this preference is set to No then, the Add Application window is not launched when you launch any .Net application. |
Yes |
Allow single sign-on to WindowsAutomation (DotNet) applications |
Yes/No/Default |
This preference allows SSO to .Net applications. If this preference is set to No then, the application will not be available for SSO. |
Yes |
Start the WindowsAutomation (DotNet) monitor/automation worker |
Yes/No/Default |
This preference starts the DotNetSSO process. The Start the WindowsAutomation (DotNet) monitor/automation worker preference replaces the DISABLE_DOTNETSSO registry setting. |
Yes |
NOTE:To apply the changes, restart SecureLogin.
Table 3-2 Auditing Preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
Enable logging to SysLog server |
Yes/No/Default |
This preference controls sending the log events to SysLog server. If set to No or Default, log events are not sent to SysLog server. If set to Yes, log events are redirected to SysLog server from Windows Event log. |
No |
Enable logging to Windows Event log |
Yes/No/Default |
This preference controls sending the log events to Windows Event Log. This includes the entire user configuration, both local and inherited. If set to Yes or Default, log events are sent automatically to Windows Event Log. If set to No, the log events are not sent to Windows Event Log. NOTE:This preference requires SecureLogin 6.0 datastore if the value is changed. |
Yes |
Table 3-3 General Preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
Allow application definitions to be modified by users |
Yes/No/Default |
This preference controls whether users can modify application definitions using the Definitions tabs in the Applications pane of SecureLogin client. If this option is set to Yes or Default, the end user can view and modify their application definitions. If this option is set to No, the end user cannot change their application definition. NOTE:If the Allow application definition to be viewed by users is set to No, then this option is cannot be edited. Disabling this preference does not disable the users from creating new applications through the wizards. This preference requires SecureLogin 6.0 datastore if the value is changed. |
Yes |
Allow application definitions to be viewed by users |
Yes/No/Default |
This preference controls whether users can view application definitions using the Definitions tabs in the Applications pane of SecureLogin client. If this option is set to Yes or Default, users can view the application definition. If this option is set to No, users cannot view the application definition. |
Yes |
Allow credentials to be deleted by users through the GUI |
Yes/No/Default |
This preference controls whether users can delete their credentials using SecureLogin client available from Manage Logins from the SecureLogin icon in the notification area (system tray). NOTE:If Allow credentials to be modified by users through the GUI is set to No, then this option is automatically set to No and not editable. This preference requires SecureLogin 6.0 datastore if the value is changed. If this option is set to Yes or Default, users can delete their credentials through the GUI. If this option is set to No, users cannot delete their credentials. |
Yes |
Allow credentials to be modified by users through the GUI |
Yes/No/Default |
This preference controls whether users can modify their credentials using SecureLogin client available from Manage Logins from the SecureLogin icon in the notification area (system tray). If this option is set to Yes or Default, users can modify their credentials through the GUI. If this option is set to No, users cannot modify their credentials through the GUI. They can only view the credentials. |
Yes |
Allow user to set Obscure Show Password |
Yes/No/Default |
This preference controls whether the user can modify the Obscure Show Password option. If this option is set to Yes or Default, users can modify the Obscure Show Password option and change the duration of time a password is visible. If this option is set to No, users cannot modify the Obscure Show Password option. |
Yes |
Allow users to (de) activate SSO via system tray |
Yes/No/Default |
This preference controls whether users can activate or deactivate SecureLogin through the SecureLogin icon in the notification area (system tray). If this option is set to Yes or Default, users can switch between active and inactive modes of SecureLogin. If this option is set to No, users cannot switch between active and inactive modes.
This preference requires SecureLogin 6.0 datastore if the value is changed. |
Yes |
Allow users to backup/restore |
Yes/No/Default |
This preference controls whether users can backup and restore their information from the Advanced menu of the SecureLogin icon on the notification area (system tray). If this option is set to Yes or Default, users can back up and restore their SSO information. If this option is set to No, users cannot back up and restore their SSO configuration. |
Yes |
Allow users to close SecureLogin SSO via system tray |
Yes/No/Default |
This preference controls whether users can access the Close option from the SecureLogin icon on the notification area (system tray). If the option is set to No, the Close option is shown as disabled in the SecureLogin notification area. If this option is set to Yes or Default, the Close option is accessible in the SecureLogin notification area. NOTE:This preference requires SecureLogin 6.0 datastore if the value is changed. |
Yes |
Allow users to log off via system tray |
Yes/No/Default |
This preference controls if users can log out from a session using Log Off User option from the SecureLogin icon on the notification area (system tray). If this option is set to No, the Log Off User option is not displayed and accessible in the SecureLogin notification area (system tray) icon. If this option is set to Yes or Default, the Log Off User option is displayed and accessible in the SecureLogin notification area (system tray) icon. |
Yes |
Allow users to modify names of Applications and Logins |
Yes/No/Default |
This preference controls whether users can edit the names of their Application login credentials using the Details tab > Edit function in SecureLogin client. If this option is set to Yes or Default, the user can edit the names of their credentials (either by right-clicking on the credential and selecting Rename, or by a slow double-click on the credential name). If this option is set to No, the use cannot edit the names of the credentials. |
Yes |
Allow users to view and change preferences |
Yes/No/Default |
This preference controls whether users can view and update their preferences. If this option is set to Yes or Default, users can view and change their preferences. If this option is set to No, users cannot view and change their preferences. NOTE:Create a separate ou for administrators to ensure that they are not adversely affected by the general user configuration preferences at the ou level. |
Yes |
Allow users to view and modify API preferences |
Yes/No/Default |
This preference controls whether users can view and modify API options using the Preferences pane of SecureLogin client. The API preference defines the following options for users to:
If this option is set to Yes or Default users can view and modify the API preference. If this option is set to No, users cannot view and modify the API preference. NOTE:This preference affects what is displayed in SecureLogin client using Change Preferences from the Advanced menu. |
Yes |
Allow users to view passwords |
Yes/Yes, per application/No/Default |
This preference controls whether users can view their passwords using Show Passwords in the Application pane > Details of SecureLogin client. If this option is set to Yes or Default, users can view their passwords. If this option is set to No, users cannot view their passwords. NOTE:Allowing users to view their passwords gives them an opportunity to view and record passwords if they need to reset the SecureLogin configuration. |
Yes |
Change the cache refresh interval (in minutes) |
5 |
This preference defines the time in minutes the synchronization of user data and directory on the local workstation. This preference is available in both SecureLogin client and the administrative management utilities (SLManager and MMC snap-ins). |
5 minutes |
Display splash screen on startup |
Yes/No/Default |
This preference controls the display of the SecureLogin splash screen during startup. If this option is set to Yes or Default, the splash screen appears when SecureLogin starts up. If this option is set to No, the splash screen is hidden and users cannot see the splash screen when SecureLogin starts up. NOTE:This preference requires SecureLogin 6.0 datastore if the value is changed. |
Yes |
Display user name on mouse over tray icon |
Yes/No/Default |
This preference allows SecureLogin to display the current user name when you mouse over the SecureLogin tray icon. When the user logs in to SecureLogin in the offline mode, the full qualified distinguished name (FQDN) is displayed when you mouse over the SecureLogin tray icon. In the online mode, the current user’s full name is displayed. |
No |
Display user name on task bar |
Disable/First name/Last name/Full name/Distinguished name/Default |
This preference controls the display of the logged in user name on the task bar. If this option is set to Disable, the logged in user name is not displayed on the task bar. If this option is set to First name/Last name/Full name/Distinguished name/Default, based on the selection respective value is displayed on the task bar. NOTE:For the logged in user name to be displayed in the task bar, you must right-click the Secure Login icon on the notification area (system tray) and select Show User bar or you can right-click on the task bar and select Toolbars -> SecureLogin User. This preference is available in both the SecureLogin Client Utility and all the administrative management utilities (SLManager and MMC snap-ins). |
Disable |
Detect incorrect passwords |
Yes/No/Default |
Predefined applications generally include commands to respond to incorrect password dialogs. This preference enables SecureLogin to respond to incorrect passwords for web applications. If this option is set to Yes or Default, incorrect passwords for Web applications are detected. If this option is set to No, incorrect passwords for Web applications are not detected. This preference is available in both SecureLogin client and the administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Disable single sign-on |
Yes/No/Default |
This preference controls the users access to running SecureLogin. If this option is set to Yes, access to SecureLogin is disabled and it will not start when run either automatically at startup or when run manually. If this option is set to No or Default, access to SecureLogin is enabled and will start normally. |
No |
Display the system tray icon |
Yes/No/Default |
This preference controls the display of SecureLogin icon in the notification area (system tray). If this option is set to Yes or Default, the SecureLogin icon appears on the notification area (system tray). If this option is set to No, the SecureLogin icon does not appear on the notification area (system tray). NOTE:When the SecureLogin icon is visible, users can double-click the icon on the notification area (system tray) to launch SecureLogin client. When the SecureLogin is not visible, users can start SecureLogin client through Start > Programs > NetIQ SecureLogin > NetIQ SecureLogin. |
Yes |
Enable cache file |
Yes/No/Default |
This preference controls creating and updating of a SecureLogin cache file on the local workstation. The cache file stores all user configuration data; local and inherited. Set this option to Yes or Default, the cache file is saved on the local workstation in the directory that was specified during install. Users with roaming profiles are recommended keep this setting as Yes. Set this option to No if you cannot store cache files locally or if this causes conflicts with your organizational security policy. This preference is available in both SecureLogin client and the administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Enable logging to Windows Event log |
Yes/No/Default |
This preference controls sending the log events to Windows Event Log. This includes the entire user configuration, both local and inherited. If set to Yes or Default, log events are sent automatically to Windows Event Log. If set to No, the log events are not sent to Windows Event Log. Only the following events are logged:
NOTE:This preference requires SecureLogin 6.0 datastore if the value is changed. |
Yes |
Enable the New Login Wizard on the system tray icon |
Yes/No/Default |
This preference controls whether users can create multiple logins on the same application using the New Login > Add New Login option from the NetIQ SecureLogin icon on the notification area (system tray). If this option is set to Yes or Default, the New Login menu option is enabled and users can create multiple logins. If this option is set to No, New Login menu option is disabled and users cannot create multiple logins. |
Yes |
Enforce passphrase use |
Yes/No/Default |
This preference forces users to set up a passphrase question and answer when SecureLogin is launched by a user for the first time. If this option is set to Yes, users must complete setting up their passphrase before they proceed with any other activity on the workstation. If this option is set to No or Default, users can postpone setting up the passphrase. If the users clicks Cancel or closes the dialog, then SecureLogin does not start. |
No |
Enter API license key(s) |
Specify API license key(s) |
Specify the API license key(s) provided by SecureLogin to activate the API functionality for an application. You can add more than one API license key. |
Specify the API license key |
Obscure Show Password > (seconds) |
Integer value in seconds |
Restricts the password display time when you click the Show Password button in the local interface. |
30 |
Password protect the system tray icon |
Yes/No/Default |
This preference restricts the users from accessing the NetIQ SecureLogin icon menu option (from the notification area (system tray) without their network login password. When set to Yes, the SecureLogin icon on the notification area password protected. When set to No or Default, the SecureLogin icon on is not password protected. This preference is available in both SecureLogin client and the administrative management utilities (SLManager and MMC snap-ins). NOTE:Always select the Synchronize NDS password with Universal Password option when NMAS is used. |
No |
Provide API Access |
Yes/No/Default |
This preference controls the API functionality use. If this option is set to Yes, the API access is enabled. If this option is set to No or Default, the API access is disabled. This preference is available in both SecureLogin client and the administrative management utilities (SLManager and MMC snap-ins). |
No |
Stop walking here |
Yes/No/Default |
This preference controls the inheritance of settings from higher level containers or organizational units. If this option is set to Yes, the inheritance of settings from higher level containers or organizational units is disabled. Set the option to Yes during phased upgrades when higher levels might have a different version of SecureLogin implemented. If this option is set to No or Default, the inheritance of settings from higher level containers or organizational units is enabled. This preference does not apply when SecureLogin is installed in eDirectory environment. The Corporate redirection functionality; that is, the inheritance settings from higher level container or organizational units is bypassed in an eDirectory environment. |
No |
Use Passphrase Policy |
Yes/No/Default |
This preference controls if users can set passphrase policies using administrative management tools.If this option is set to Yes, then the users can set or edit the passphrase policies using any of the supported administrative management tools (iManager, MMS, or slManager). If this option is set to No or Default, the users cannot set or edit the password policies. |
|
Table 3-4 Java Preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
Add application prompts for Java applications |
Yes/No/Default |
This preference prompts to add a Java application for defining the application definition. When set to No, the Add Application window is not launched when you launch any Java application. |
Yes |
Allow single sign-on to Java applications |
Yes/No/Default |
This preference controls whether SecureLogin allows SSO for Java applications. If the preference is set to Yes or Default, SecureLogin prompts the user to enter credentials (if none already exist), or submits existing credentials on the Java application login page. If this option is set to No, Java applications are not enabled for SSO. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Table 3-5 Web Preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
Add application prompts for Internet Explorer |
Yes/No/Default |
This preference controls the display of the Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Internet Explorer. If you select Yes or Default, the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). NOTE:Setting the preference to Yes when displayed to users depends on the settings of the Wizard mode preference. On subsequent runs of the application, the user is not prompted for credentials and SSO occurs seamlessly. If you select No, SecureLogin skips enabling the application for SSO, the user is never be prompted to enable the application. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Add application prompts for Mozilla Firefox |
Yes/No/Default |
This preference controls the display of Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Mozilla Firefox. NOTE:Setting the preference to Yes when displayed to users depends on the settings of the Wizard mode preference. If you select Yes or Default, the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and SSO occurs seamlessly. If you select No, SecureLogin skips enabling the application for SSO for this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Add application prompts for Google Chrome |
Yes/No/Default |
This preference controls the display of Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Google Chrome. NOTE:Setting the preference to Yes when displayed to users depends on the settings of the Wizard mode preference. If you select Yes or Default, the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and SSO occurs seamlessly. If you select No, SecureLogin skips enabling the application for SSO on this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both SecureLogin Client Utility and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Add application prompts for Microsoft Edge |
Yes/No/Default |
This preference controls the display of Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Microsoft Edge. NOTE:Setting the preference to Yes when displayed to users depends on the settings of the Wizard mode preference. If you select Yes or Default, the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and SSO occurs seamlessly. If you select No, SecureLogin skips enabling the application for SSO on this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both SecureLogin Client Utility and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Add application prompts for web pages on mutation |
Yes/No/Default |
This preference controls the display of Web login detection wizard and confirmation dialog box when a Web application includes mutation events. NOTE:Setting the preference to Yes when displayed to users depends on the settings of the Wizard mode preference. If you select Yes or Default, the user is not prompted to enter the credentials on the subsequent web pages that include mutation events but initially is prompted to enable the application and enter the credentials for the application (if not done previously). If you select No, SecureLogin skips enabling the application for SSO for the web pages that include mutation events. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
No |
Allow HTML Authentication single sign-on to Google Chrome |
Yes/No/Default |
This preference defines SSO access to HTML Authentication requests using Google Chrome. If you select Yes or Default the specified credentials are saved and the application is enabled for SSO. If you select No, SecureLogin skips enabling the application for SSO for this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Allow HTML Authentication single sign-on to Microsoft Edge |
Yes/No/Default |
This preference defines SSO access to HTML Authentication requests using Microsoft Edge. If you select Yes or Default the specified credentials are saved and the application is enabled for SSO. If you select No, SecureLogin skips enabling the application for SSO for this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Allow HTML Authentication single sign-on to Mozilla Firefox |
Yes/No/Default |
This preference defines SSO access to HTML Authentication requests using Mozilla Firefox. If you select Yes or Default the specified credentials are saved and the application is enabled for SSO. If you select No, SecureLogin skips enabling the application for SSO for this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Allow single sign-on to Internet Explorer |
Yes/No/Default |
This preference defines SSO access to web application using Internet Explorer. If you select Yes or Default, the specified credentials are saved and the application is enabled for SSO. If you select No, SecureLogin does not prompt for credentials (if none exist or are incorrect) and does not submit credentials into the application. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Allow single sign-on to Mozilla Firefox |
Yes/No/Default |
This preference defines SSO access to Web application using Mozilla Firefox. If you select Yes or Default the specified credentials are saved and the application is enabled for SSO. If you select No, SecureLogin does not prompt for credentials (if none exist or are incorrect) and does not submit credentials into the application. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Allow single sign-on to Google Chrome |
Yes/No/Default |
This preference defines SSO access to Web application using Google Chrome. If you select Yes or Default the specified credentials are saved and the application is enabled for SSO. If you select No, SecureLogin does not prompt for credentials (if none exist or are incorrect) and does not submit credentials into the application. This preference is available in both SecureLogin Client Utility and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Enable DHTML monitor on web pages |
Yes/No/Default |
This preference enables SSO for web pages that require DHTML script. You can enable or disable the DHTML setting. For DHTML applications that depend on mutation events, Add application prompts for web pages on mutation must be set to Yes to SSO to the application. |
Yes |
Enable WebSSO defined applications as allowlist |
Yes/No/Default |
This preference allows user to enable WebSSO defined applications as allowlist. When set to No or Default, the allowlist rules are not applied. When set to Yes, the allowlist rules are applied, that is, other web applications are not taken into consideration for Wizard auto prompting and Single Sign-On (SSO). You can use Add Application to override the preference and still consider applications for Wizard auto prompting and SSO. |
No |
Start the Flash monitor/automation worker |
Yes/No/Default |
This preference starts the flash SSO process. |
No |
Table 3-6 Windows Preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
Add application prompts for Windows applications |
Yes/No/Default |
This preference controls the display of a Windows login detection and confirmation message when a Windows application is detected and recognized. If you select Yes or Default, the user prompted to enable the application and to enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and SSO occurs seamlessly. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Allow single sign-on to Windows applications |
Yes/No/Default |
This preference defines SSO access to Windows applications. If you select Yes or Default the specified credentials are saved and the application is enabled for SSO. If you select No, SecureLogin will not prompt for credentials (if none exist or are incorrect) and will not submit credentials into the application. This preference is available in both SecureLogin client and administrative management utilities (SLManager and MMC snap-ins). |
Yes |
Allow single sign-on to Windows applications using DotNet automation worker |
Yes/No/Default |
This preference allows single sign-on to Windows applications using the DotNet automation worker. If this preference is set to No or Default, the windows application is not single signed-on by the DotNet automation worker. If the preference is set to Yes, Windows applications are single signed-on by the DotNet worker. |
|
Start the Windows 32bit (WinSSO32) monitor/automation worker |
Yes/No/Default |
This preference starts the WinSSO32 process. |
Yes |
Start the Windows 64bit (WinSSO64) monitor/automation worker |
Yes/No/Default |
This preference starts the WinSSO64 process for Windows on a 64-bit machine. |
Yes |
NOTE:To apply the changes, restart SecureLogin.
Table 3-7 Wizard preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
Show Add Application wizard with minimal actions |
Yes/No/Default |
This preference controls displaying the prompt for SSO with minimum options. If you set this preference to Yes, the Add Application wizard displays the following options:
If you set this preference to No then, the default options are displayed to SSO to the application. |
No |
Skip the wizard process and use defaults for new forms |
Yes/No/Default |
This preference controls the wizard process. If you set this preference to Yes, then the default wizard selections are applied for all the pages of the application and you can switch between the panes instead of making changes sequentially. |
No |
Wizard mode |
Administrator/User/Disabled |
This preference controls that access to the application definition wizard. If this option is set to Administrator, it gives users’ complete access to the application definition wizard. Users can create their own application definitions. If this option is set to User, users are only allowed to create new login credential sets for new applications using the auto-detection settings. If this option is set to Disabled, the application definition wizard is not launched. NOTE:This preference requires SecureLogin 6.0 datastore if the value is changed. |
Administrator |