Enterprise SSO Extension
In the Applications section, you can add and configure applications integrated with the ESSO module and, if required, configure additional settings.
Prerequisites
Before adding an application:
- Configure the Enterprise Single Sign-On module.
- Register a license in Management Console.
- Prepare a template for the application.
Add an application
In the Management Console sidebar from the Settings area, select Applications.
Click Add an application.
In the Add an application window, select the Enterprise SSO integration module and the application template file, then click Create.
After the template is successfully uploaded, a page with application settings appears.
Adding to policy
To apply the application settings for users, add the application to a policy. To add an application to a policy, you must register a license for this module.
To add an application to a policy:
- Go to the Policies section.
- Select a policy from the list.
- In the policy card, go to the Applications tab.
- Click Add an application.
- From the drop-down list, select the application.
- Click Add.
The application appears in the list of added applications.
Add an account
To set the user data that are applied when logging in to the ESSO application, add an account.
- In the Management Console sidebar, open the Policies section.
- Select a policy.
- Go to the Applications tab.
- To open the application integrated with the ESSO module, click the name of this application.
- Click Add an account.
- In the Credentials type field, select the type:
  - Individual: Each user has their own account to log in to the application.
  - Active Directory: User data from Active Directory is used for login.
  - Linked: An account that is linked with one of the already existing accounts. Within one policy, you can synchronize accounts from different applications. This way you can have numerous applications with identical credentials. For linked accounts, you can only make changes in the account of the root application, rather than editing each entry separately.
  - Shared: All users have a single account to log in to the application.
- In the Description field, enter a description of the account that is displayed in Management Console.
- Configure the remaining settings depending on the selected credential type. If settings are already defined in the application template, these settings appear in Management Console automatically, but they cannot be edited.
- Click Save.
The added account appears in the list of accounts for the application.
Set the authentication method
- In the Management Console sidebar, open the Policies section.
- Select a policy.
- Go to the Applications tab.
- To open the application integrated with the ESSO module, click the application name.
- In the Available authentication methods section, select which methods can be used to log in to the integrated application.
- Click Save.
Optional settings
Change general information
- In the application card on the General information tab, click Edit.
- Change the application name or description.
- Click Save.
Upload a logo
In the application card on the General information tab in the Logo section, click Upload.
The supported formats are JPG and PNG. The maximum size is 512 KB.
Select a file.
Click Upload.
Upload/download a template
- In the application card on the ESSO template tab, click Upload a template.
- In the ESSO template window, click Select a file.
- Select a file.
- Click Upload template.
To download the currently used template, click Download a template. The template becomes available in the Downloads folder.
Add an administrator
You can assign an administrator who will have access only to limited application settings. This user has the following rights:
- View all application settings in the Applications section.
- Add accounts for the application in the policy card.
- Add accounts for the application in the user profile.
To add an administrator:
Go to the Administrators tab.
In the Object type field, select the type:
- User
- Group
In the Location field, select the object location. It can be the entire user catalog or a separate container.
In the Name field, enter the full name or part of the name for search.
Click Search.
Select the object and click Add.
Create a shortcut for quick launch
To launch the application quickly, you can create a shortcut that becomes available in the ESSO Agent context menu in the system tray.
To create a shortcut:
Go to the Shortcuts tab.
Click Add a shortcut.
In the window that appears, configure the following settings:
- In the Description field, specify additional information for a shortcut that you create.
- In the Type field, select Command line.
- In the Address field, specify the full path to the executable file for a desktop application, or the path to the browser executable file and the URL for a web application.
Desktop: C:\TestFolder\Test.App.exe
Web: "%ProgramFiles%\\Internet Explorer\\iexplore.exe" "https://full_dns/am/core/testapps/logon.html"
Click Add.
Information: If label parameters are specified when creating the template, these parameters automatically appear on the Labels tab.
Configure password policy
You can also configure a policy for password generation when changing it in the application.
To set up a password policy:
- Go to the Password policy tab.
- In the Minimum password length field, specify the minimum number of password characters.
- In the Maximum number of occurrences of each character field, specify the number of occurrences of characters from the character group. To use this parameter, you need to create a character group.
- Click Add a group.
- In the Group type field, select the suggested character types or a custom group. When adding a custom group, specify your character group in the Group characters field.
- In the Number of characters field, specify the number of characters.
- Click Add. The added character group appears in the groups list.
- Click Save.
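The policy fields above, expressed as a compliance check and a generator in Python. This is an added example, not the product's code; the dictionary keys, the reading of Number of characters as a per-group minimum, and the reading of the occurrence limit as a cap on any single character are assumptions.

```python
import secrets
import string
from collections import Counter

# Constructed sample policy; keys mirror the Password policy tab fields.
# Assumptions: "count" is the minimum number of characters taken from a group,
# and "max_occurrences" caps how often any single character may repeat.
POLICY = {
    "min_length": 14,
    "max_occurrences": 2,
    "groups": [
        {"chars": string.ascii_lowercase, "count": 4},
        {"chars": string.ascii_uppercase, "count": 3},
        {"chars": string.digits, "count": 3},
        {"chars": "!@#$%^&*", "count": 2},  # custom group
    ],
}

def violations(password, policy):
    """Return the list of policy violations; empty means compliant."""
    problems = []
    if len(password) < policy["min_length"]:
        problems.append("shorter than minimum length")
    for ch, n in Counter(password).items():
        if n > policy["max_occurrences"]:
            problems.append(f"character {ch!r} occurs {n} times")
    for i, group in enumerate(policy["groups"]):
        have = sum(1 for ch in password if ch in group["chars"])
        if have < group["count"]:
            problems.append(f"group {i}: {have} of {group['count']} characters")
    return problems

def generate(policy):
    """Build a compliant password from the OS CSPRNG, or raise ValueError."""
    rng, used, picked = secrets.SystemRandom(), Counter(), []
    def draw(alphabet):
        allowed = [c for c in set(alphabet) if used[c] < policy["max_occurrences"]]
        if not allowed:
            raise ValueError("policy cannot be satisfied: character group exhausted")
        picked.append(rng.choice(allowed))
        used[picked[-1]] += 1
    for group in policy["groups"]:
        for _ in range(group["count"]):
            draw(group["chars"])
    union = "".join(g["chars"] for g in policy["groups"])
    while len(picked) < policy["min_length"]:  # pad from all groups
        draw(union)
    rng.shuffle(picked)  # do not leave groups in a predictable order
    return "".join(picked)
```

A policy whose group counts exceed what the occurrence limit allows (for example, five characters from a two-character custom group with a limit of 2) raises ValueError instead of looping, which is worth checking before saving such a combination.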
Modify a client module
In the Client modules section, specify the target URL of the application or the path to the executable file. The value of this parameter is included in the application template. If required, this value can be changed.
To modify a client module:
- Select the client module and click Edit.
- Change the URL or path to the executable file.
- If you need to use a regular expression, in the Use regular expression option, select Yes.
- Click Save.
Configure user data caching
This setting enables user data caching on the local computer for the Windows Logon component and applications integrated with the Enterprise Single Sign-On module.
If this setting is enabled for applications, you can log in to the system using an authenticator even without a physical network connection. If there is no connection, cached user data is used.
You can enable user data caching either in policy settings or individually for each user.
If a user is affected by a policy, you cannot change caching settings individually.
For more information about enabling this setting, see User data caching.