Adding a web page to your Single Sign On solution

Evidian E-SSO lets you remember a single password for all of your applications. The solution is built for a seamless user experience: you do not need to modify any of your applications or write a particular script.

The SSO studio integrates multiple forms of scripts adapted to different types of applications.
The SSO studio allows you to detect new applications, whether web-based, desktop or legacy.

The goal of Evidian E-SSO is to be easily configurable by anyone inside the organization, so anyone in your company can add an application to the SSO engine.

Every collaborator may add his own web applications, and can do so in a few clicks.

Interface Overview

Main Window Interface

Enterprise SSO Studio presents target application parameters as SSO objects organized in a tree structure.

Enterprise SSO Studio enables you to create, modify or delete objects and to store them in an LDAP directory (LDAP mode) or in an Enterprise SSO configuration file (local storage mode). It is a "single-document" application (only one configuration can be edited at a time):

  • In Enterprise SSO Studio used in LDAP storage mode, the displayed tree corresponds to the associated LDAP directory defined at initialization time.

The following screenshot illustrates an interface example of Enterprise SSO Studio used in LDAP storage with Controller.

In LDAP mode, the objects can be created anywhere the administrator has object-creation rights.

The LDAP administrator is responsible for ensuring that the structure has a branch reserved for the management of EAM objects.

As the objects are created directly in the LDAP directory, the directory must be accessible when Enterprise SSO Studio is being used.

  • In Enterprise SSO Studio used in local storage mode, or in Personal SSO Studio, the tree displayed is not linked to an LDAP directory.

The following screenshot illustrates an interface example of Personal SSO Studio.

In local storage mode, the configuration is defined with a root node called Local Enterprise SSO Configuration, to which two other nodes are attached: Applications and Configuration Objects, used for EAM object declarations.

Main Window Areas

The Enterprise SSO Studio main window is composed of:

  • A menu bar.
  • A toolbar offering shortcuts to some menu bar options, as described in the following table. The toolbar appearance depends on the SSO Studio mode used (Without and with Controller, LDAP/File storage, Personal/Enterprise).
  • A workspace showing a tree structure that allows you to select elements and to perform actions directly by double-clicking the objects or using a popup menu for each object.

Defining Applications and Technical Definition Objects

  • Without Controller, SSO Studio allows you to entirely configure Application objects.

An application object implies the definition of:

  • An application name as shown in Enterprise SSO Studio and in Enterprise SSO, and some options regarding the access rights for this object.
  • Parameters that associate this application with the SSO data in the security system.
  • Access strategy (in registry or personal configuration modes), or assignment to user groups (in LDAP mode); the application profile should be defined for each association to a user group.

Enterprise SSO Studio allows you to create application objects with some predefined parameters for SAP and Windows applications.

  • With Controller, Enterprise SSO Studio allows you to configure Technical Definitions.
    A Technical Definition object is a technical description of an application, used in particular to produce single sign-on in an EAM environment. The application configuration must then be completed in the administration console (see Evidian EAM Console - Administrator's Guide).

Creating/Modifying Application Objects and Technical Definitions

Creating a New Application Object or Technical Definition

Subject

For Application objects, Enterprise SSO Studio allows you to use templates to create SAP and Windows application objects.

The Template Application item allows you to create an Application object with a number of pre-defined parameters. They are used for specific authentication scenarios. The predefined template applications are:

  • SAP, for SAP R/3 application authentication (for more details, see Section 6., "The SAP R/3 Plug-in").
  • Windows, for authentication to an external LDAP directory.

Template applications are managed in the same way as Application objects. They enable the Single Sign-On feature for specific authentication procedures. An application template has a number of predefined parameters.

The following procedure explains how to create a new technical definition or application (with or without template).

Procedure

  • In the Enterprise SSO Studio main window, do one of the following:
      • To create a new application or technical definition: right-click the node where you want to create a new Application or Technical Definition and click New Application or New Technical Definition.
      • To create a new application using a template: click the node where you want to create a new template application and, in the Edit menu, click New Template-based Application/SAP or Windows.
  • The Application properties window appears.
  • Fill in the Application properties window (or modify it in the case of a template application).

Modifying an Application Object or Technical Definition Configuration

Subject

The following procedure explains how to modify the properties of an existing Application Object or Technical Definition.

Procedure

  • In the Enterprise SSO Studio main window, right-click the Application or Technical Definition you want to modify and click Properties.
  • The Application properties window appears.
  • Fill in the Application properties window.

Filling-in the Application Properties Window

"Properties" Tab of an Application Object

The Properties tab described in this section only appears if you use Enterprise SSO Studio without Controller, or Personal SSO Studio.

The Properties tab of an Application Object allows you to define the basic parameters of an Application.

  • Application Name and Account label
      • Application name: this field will be displayed in the objects tree of Enterprise SSO Studio and in the data collection and account management dialog boxes of Enterprise SSO.
      • Account label: fill-in this field for this label to be suggested when the account is first created and at first collection. This field will be displayed in Enterprise SSO as well as in all the SSO data collection windows and in the user account management window.
  • Session management
    Indicates whether all the application’s windows depend on the same application instance.
  • OLE/Automation
    Grants OLE/Automation access to this application (and all the associated security objects) through the OLE/Automation interface of Enterprise SSO. For greater security, you can enter a password. This password will have to be provided by the OLE client. See Section 10., "OLE/Automation Interface".
  • Options
      • Enable this application (this option is selected by default)
        If this option is cleared, Enterprise SSO will ignore this application. This is used to temporarily disable an application without deleting it from the configuration file.
      • Try previous password when "bad password" windows detected
        If this option is selected, the fields are filled with the last valid password at "bad password" detection (this can be useful if the password change is not immediately taken into account by the application).
      • User must provide credentials
        This check box only appears in Access Collector mode.
        If this check box is cleared, the user will be able to cancel the collect (or the BadPassword) window that appears when he launches an application.

"Properties" Tab of a Technical Definition Object

The Properties tab described in this section only appears if you use Enterprise SSO Studio with Controller.

The Properties tab of a Technical Definition object allows you to define the basic parameters of a Technical definition.

  • Identification
    The Technical Definition name. This field will be displayed in the objects tree of Enterprise SSO Studio.
  • Session management
    Indicates whether all the application’s windows depend on the same application instance.
  • Try previous password when "bad password" windows detected
    If this option is selected, the fields are filled with the last valid password at "bad password" detection (this can be useful if the password change is not immediately taken into account by the application).

 

Defining Window Objects

Since window objects are subordinated to Application or Technical definition objects, the window objects can only exist if they are associated with an application object.

Procedure

  • In the Enterprise SSO Studio main window, right-click the application for which you want to define a window object and click New Window.
  • The Window Properties window appears.
  • Fill in the Window Properties window as described in the following sections.
    The Detection and Actions tabs are described in the sections of this guide that are related to the "plug-in types", as their content depends on the selected window type.

The "General" Tab

The General tab allows you to give a name to the window object and to set its type (the type cannot be modified once the window has been created).

  • Window Name
    By default, this field is automatically filled-in with the name of the selected Window Type. It is recommended to enter a name clearer than the default name.
  • Window Type
    Displayed Window types are loaded from the different Enterprise SSO plug-ins. The following table shows the window types provided by the different plug-ins and their associated technology:

The Window Type Description area displays the description of the selected window type.

 

The "Options" Tab

The Options tab allows you to define the following elements:

  • Specific detection conditions to trigger the SSO when the window appears (Detection criteria area).
  • Enterprise SSO execution options to carry out SSO (Execution Options area).
  • Advanced SSO options (Advanced options area).