ActivIdentity Secure Log in Single Sign-On Wizard Administration Guide


ActivIdentity SecureLogin Single Sign-On

Application Definition Wizard Guide

Version 6.2 | Released | November 23, 2009

ActivIdentity SecureLogin Single Sign-On | Application Definition Wizard Guide


Table of Contents
Chapter 1: Introduction (p. 5)
  Product Overview (p. 5)
  About Application Definitions (p. 5)
  About the Application Definition Wizard (p. 6)
    Application Definition Methods (p. 7)
Chapter 2: Application Definition Wizard (p. 8)
  Layout of the Application Definition Wizard (p. 8)
  Application Screen Types (p. 9)
    Logon (p. 10)
    Change Password (p. 10)
    Notifications (p. 10)
    Other (p. 10)
  Attribute Panels (p. 10)
  General Controls and Messages (p. 13)
    Help (p. 13)
    Test (p. 13)
    OK (p. 14)
    Apply (p. 14)
    Cancel (p. 14)
  Selecting and Identifying Screens and Controls (p. 14)
    Choose and Show Me (p. 14)
    Recording Keystrokes (p. 14)
    Matching Regular Expressions (p. 16)
Chapter 3: Using the Application Definition Wizard (p. 17)
  Opening the Application Definition Wizard (p. 17)
    Auto-Detection (p. 17)
    Start the Wizard from the ActivIdentity SecureLogin Icon (p. 18)
    Start the Wizard from the Personal Management Utility (p. 19)
  Wizard Default Selections (p. 19)
  Predefined Application Definitions (p. 20)
  Enabling Web Applications using Firefox (p. 22)
  Enabling Oracle Forms Applications (p. 22)
Chapter 4: Enabling Application Screens (p. 23)
  Managing Application Screens (p. 23)

External Use | November 23, 2009 | Product Version 6.2 | 2009 ActivIdentity


    Add a New Application Screen (p. 23)
    Rename an Application Screen (p. 25)
    Delete an Application Screen (p. 25)
    Incomplete Screens (p. 26)
  Logon Screens (p. 26)
    Identify Screen (p. 27)
    Credential Source (p. 27)
    Identify Fields (p. 30)
    Submit Options (p. 36)
    Re-authentication (p. 38)
    Matching Criteria (p. 40)
  Logon Notifications (p. 44)
    Identify Screen (p. 44)
    Notification Handling (p. 45)
    Submit Options (p. 47)
    Matching Criteria (p. 47)
  Change Password (p. 49)
    Identify Screen (p. 50)
    Identify Fields (p. 51)
    Password Generation (p. 52)
    Password Policy (p. 53)
    Submit Options (p. 56)
    Matching Criteria (p. 56)
  Change Password Notifications (p. 57)
    Identify Screen (p. 57)
    Submit Options (p. 58)
    Notification Handling (p. 59)
    Matching Criteria (p. 60)
  Other (p. 61)
    Identify Screen (p. 61)
    Identify Fields (p. 62)
    Submit Options (p. 63)
    Matching Criteria (p. 64)
Chapter 5: Testing Application Screens (p. 65)
Chapter 6: Modifying Application Definitions (p. 68)
Chapter 7: Wizard Mode Preference (p. 73)
  Changing the Wizard Mode Preference (p. 75)


Chapter 8: Deploying Application Definitions (p. 76)
Chapter 9: Compatibility with Other Versions of ActivIdentity SecureLogin (p. 77)
  Earlier Versions of ActivIdentity SecureLogin (p. 77)
  Earlier Application Definitions (p. 77)
  Manually Created or Edited Application Definitions (p. 78)
Chapter 10: Tips and Hints (p. 79)
  Auto-Detection of Multiple Controls (p. 79)
  Using Show Me to Highlight Controls (p. 79)
  Dynamic Controls (p. 79)
  User Name and Password Fields Not Populating (p. 79)
  Matching Criteria for Web Applications (p. 80)
  Citrix Published Applications (p. 80)
  COM Applications (p. 80)
Chapter 11: Application Definition Example (p. 81)
  Create a Logon Form (p. 81)
  Create a Logon Notification (p. 83)
  Create a Change Password Definition (p. 89)
  Create a Change Password Notification (p. 94)


Chapter 1: Introduction
Chapter Contents
Product Overview (p. 5)
About Application Definitions (p. 5)
About the Application Definition Wizard (p. 6)

This guide describes how to configure and use the ActivIdentity SecureLogin Single Sign-On Application Definition Wizard. The instructions in this guide are applicable on all supported platforms. The specific examples in this guide use a Windows Vista workstation in a Microsoft Active Directory environment, with a directory server managed through an administration workstation. If you need assistance, contact ActivIdentity Support for help.

For information about installing ActivIdentity SecureLogin Single Sign-On, administrators should see the installation guide for their directory environment. For information about configuring and managing ActivIdentity SecureLogin Single Sign-On, administrators should see the ActivIdentity SecureLogin Single Sign-On Administration Guide.

Product Overview
This document is for:
- End users with access to the Application Definition Wizard
- System and network administrators
- System integrators
- IT support staff with a good understanding of Windows operating systems and management tools (Active Directory, Management Console, Group Policy and LDAP)

ActivIdentity SecureLogin is the single sign-on solution that provides users with a single, secure logon for accessing corporate resources from dedicated or shared workstations. For end users, ActivIdentity SecureLogin eliminates the need to remember multiple user name/password combinations beyond their initial network logon. It stores user credentials and automatically enters them when required. For organizations, ActivIdentity SecureLogin helps to reduce help desk costs, and improve both network security and user productivity. For complete product details, see the ActivIdentity SecureLogin Single Sign-On Overview.

About Application Definitions


Application definitions specify how ActivIdentity SecureLogin interacts with an application or web page using your single sign-on (SSO) credentials. An application definition is essentially a list of instructions that ActivIdentity SecureLogin follows in order to perform various tasks upon an application or web page. In an application definition, you are able to assign different instructions to each dialog box or screen that an application or web site might produce. You have the choice of acting upon only the logon page, only selected windows or pages, or on every window or page produced by the application or web site. ActivIdentity SecureLogin provides predefined application definitions for many commercial applications. To SSO-enable other applications or web sites, you can use the Application Definition Wizard to help create a definition or you can write one manually.


About the Application Definition Wizard


Notes for Users
System administrators can choose to restrict user access to the Application Definition Wizard. This guide generally assumes you have full access, the default setting. However, you might only be allowed to create new logons for new applications, or you might have no access. See "Changing the Wizard Mode Preference" on page 75.

The Application Definition Wizard guides you through the creation of new application definitions using a straightforward and intuitive interface. When ActivIdentity SecureLogin recognizes a logon dialog box of an undefined application, it asks you whether you want to create an application definition and, if yes, guides you through the options in a question-and-answer format.

Note for Administrators


Application definitions created by the wizard are stored in XML format in the directory user object of the current user.

Notes
- You can only define one application at a time with the wizard.
- The "ActivIdentity SecureLogin has detected a password field on this screen" dialog box is not displayed if the Application Definition Wizard or Management Utility is already open.

The Application Definition Wizard supports Windows applications, Web applications and Java applications. You can also use the Application Definition Wizard to modify existing application definitions.

The ability to create tailored application definitions is a powerful feature and the Application Definition Wizard makes it easy. You can use application definitions to:
- Retrieve and enter logon details. Application definitions are stored and secured within the directory to ensure maximum security, support for single-point administration, and manageability.
- Automate many logon processes, such as multi-page logons and logon panels requiring other information that you can also store in the directory (such as surnames, telephone numbers or IP addresses).

Application definitions can include commands to automate password changes on behalf of users and to request user input when required.

Modifying Definitions
You cannot modify the predefined application definitions supplied with ActivIdentity SecureLogin using the wizard. You can only modify those you created with the wizard and have been granted permission to edit. Predefined application definitions can be edited manually. You can only edit definitions created using this version of the wizard. If a definition was created with a previous version of the wizard (as available in ActivIdentity SecureLogin 6.0 or 6.1), it cannot be edited with the wizard. Previous definitions can be edited manually.

For a full description of the Application Definition Wizard and its screens, see Chapter 2, "Application Definition Wizard," on page 8.


Application Definition Methods


To create application definitions using the wizard, you can:
- Accept the default selections made by the Application Definition Wizard. See "Wizard Default Selections" on page 19.
- Use a predefined application definition to simplify logging on to a broad range of applications. See "Predefined Application Definitions" on page 20.
- Allow the wizard to guide you through the complete definition process, asking whether you want to single sign-on enable an application or web page and prompting you for the required information at each step. The Application Definition Wizard is capable of creating complex application definitions, dealing with advanced scenarios or different types of application screens that an application presents. See Chapter 4, "Enabling Application Screens," on page 23.


Chapter 2: Application Definition Wizard


Chapter Contents
Layout of the Application Definition Wizard (p. 8)
Application Screen Types (p. 9)
Attribute Panels (p. 10)
General Controls and Messages (p. 13)
Selecting and Identifying Screens and Controls (p. 14)

This chapter describes the Application Definition Wizard and its components.

Layout of the Application Definition Wizard


The Application Definition Wizard displays three related groups of controls.
- Application screens: Different screens within the application or web site that have been ActivIdentity SecureLogin-enabled using the Application Definition Wizard are listed on the left under the heading Application Screens. For further information, see "Application Screen Types" on page 9.
- Attribute panels: The attributes of the application definition for the selected screen are detailed on the right under the title of that screen. For further information, see "Attribute Panels" on page 10.
- General controls and messages: These are located at the bottom of the wizard. For further information, see "General Controls and Messages" on page 13.


Application Screen Types


Application screens that have been ActivIdentity SecureLogin-enabled using the Application Definition Wizard are listed on the left under the heading Application Screens. The wizard can help you develop application definitions for:
- Logon screens
- Logon notification screens
- Change password screens
- Change password notification screens
- Other screens

The wizard leads you through a series of questions specific to each screen type. Your answers become the specifications of the new application definition.


Logon
The logon screen corresponds to the application's own logon screen asking for your user name and password. In more advanced scenarios, ActivIdentity SecureLogin can be configured to:
- Handle more controls, such as check boxes, radio buttons, or drop-down lists.
- Use another credential source, such as your network credentials, a smart card-based OTP, credentials from another application, or credentials based on very specific information displayed on the logon screen.
- Enforce re-authentication to specific applications for additional security.
- Force users to store their credentials within ActivIdentity SecureLogin.

Change Password
The wizard can automate periodic changing of passwords. You can choose to let users select their own passwords or have ActivIdentity SecureLogin generate passwords. In either case, you can use a password policy to maintain security, and the new password will be stored in ActivIdentity SecureLogin when it has been changed successfully.

Notifications
The wizard can configure handling of:
- Logon notification screens - used to inform users that an event has occurred while logging on, for instance, that a user name and password do not match. This notification can then be configured to display all or part of the credentials to the user to be updated.
- Change password notification screens - used to inform users whether they have changed their password successfully. ActivIdentity SecureLogin uses this notification to update its credentials for that application with the new password. If there is no notification, ActivIdentity SecureLogin prompts the user for confirmation before updating its credentials.

Other
This form type can be used to define any form that does not rely on or use credentials. This can be automated navigation through menus or dismissal of an application prompt, for instance.

Attribute Panels
The attribute panels on the right of the Application Definition Wizard refer to different aspects of ActivIdentity SecureLogin's interaction with the screen or notification selected on the left of the wizard. You simply need to work through these panels, answering questions as you go to create your application definition. The attribute panels are described in detail in Chapter 4, "Enabling Application Screens."


Note
Panels display in two different layouts:
- Questions and answers as you are guided through the definition process.
- Summary of the selected options when you review the definition at the end of the process.

The attribute panels vary according to the type of application screen. They include a combination of the following:
- Identify Screen
- Credential Source (Logon screens only)
- Identify Fields
- Notification Handling
- Submit Options
- Re-authentication (Logon screens only)
- Matching Criteria
- Password Generation (Change Password screens only)
- Password Policy (Change Password screens only)

If the wizard opens automatically after detecting a logon screen, it opens at the panel for "Credential Source" on page 27. Otherwise it opens at "Identify Screen" on page 27. When you are building an application definition, attribute panels can only be opened in order from top to bottom as you complete each step. Completed panels are marked with a tick and displayed in color.

You can re-open a completed panel by clicking on it. Panels that cannot be opened because prerequisite steps are incomplete are dimmed to show they are unavailable.


Each attribute panel has an area at the top containing descriptive help text. Click on the expander to expand or collapse the help text as needed.

When you have completed an attribute panel, the next panel becomes available. Click on the title of completed attribute panels to review your previous decisions, or click on one of the following general controls to finish using the wizard.


General Controls and Messages


General controls and messages are grouped together at the bottom of the wizard.

Help
Clicking on the Help button or pressing F1 on your keyboard opens the Help for the wizard. This can be done at any stage.

Test
Note
When you click Test, OK, or Apply, your data is synchronized and saved to the directory.

Completed application definitions can be tested. When you click Test, the wizard minimizes and the Testing Application Definition Console opens. If you then open your application, the console displays a log of fields identified and actions taken by ActivIdentity SecureLogin as it works through your application definition. The log can be used to review or troubleshoot the application definition. See Chapter 5, "Testing Application Screens," on page 65. If necessary, contact ActivIdentity Support for assistance.


OK
Note for Administrators
The application definition is saved to the directory object of the current user. You can create and test an application definition using a test account before copying it for distribution.

Clicking OK saves any changes you have made to the application definition and closes the wizard.

Apply
Clicking Apply saves any changes you have made to the application definition and leaves the wizard open for further editing.

Cancel
Clicking Cancel closes the wizard without saving any changes you have made. Unsaved changes will be lost.

Selecting and Identifying Screens and Controls


Choose Icon Focus
When you select a screen with the Choose icon, make sure that no other application occupies the whole desktop display.

Choose and Show Me


You identify application windows and web pages, as well as specific controls and fields within those windows or pages, by dragging the Choose icon to them. The wizard moves behind all other windows while you make your selection. To confirm which control has been identified, click the Show me icon to highlight an identified control. The wizard flashes a thick red line outlining the control in the application screen or web page.

Note
Some applications might take slightly longer than others to display their interface when highlighted.

ActivIdentity SecureLogin detects standard Windows screens and user interface elements. If you cannot choose or highlight a control, your application might use an unrecognized or proprietary framework. In this case, ActivIdentity SecureLogin suggests that you record keystrokes to navigate to fields or controls.

Recording Keystrokes
ActivIdentity SecureLogin can record keystrokes to facilitate navigation or enter particular commands. The keystrokes can define how to access and handle controls in applications using proprietary controls, specific user interfaces, or dynamic controls that would otherwise be difficult to identify. You can record keystrokes wherever an action must be done, credentials updated, or a screen submitted.


Together, these features mean the Application Definition Wizard can handle a broad range of single sign-on requirements. All of these options are explained in Chapter 4, "Enabling Application Screens."

Important
CTRL+ALT+DEL cannot be recorded and cancels the collection of keystrokes.

You can choose:
- Navigate to field using keystrokes, to navigate between control fields that ActivIdentity SecureLogin has to interact with.
- Type the following keystrokes, to define the commands that ActivIdentity SecureLogin enters as part of the application definition (for example, typing on the logon button).

Note
If you select the Navigate to field using keystrokes option, you cannot leave the keystroke edit box empty.

In either case, the method of recording keystrokes is the same.

1. To record the keystrokes, click Record. A dialog box prompts you to select the appropriate screen and record your keystrokes.

2. When you have navigated to the required field or entered the necessary commands, click Close. The dialog box closes and you are returned to the Application Definition Wizard, with the Keystrokes recorded displayed.


You cannot type directly into the Keystrokes recorded text box. It only displays recorded keystrokes. If you make a mistake, click Record again to record a new sequence of keystrokes. When a script is played, ActivIdentity SecureLogin enters the user name first and password second. Consequently, when you are recording keystrokes for the password, remember that the starting point for the cursor is the user name field.

Matching Regular Expressions


Some ActivIdentity SecureLogin dialog boxes give you the option of specifying text ActivIdentity SecureLogin needs to match to identify an application screen. This is another option for uniquely identifying a particular application screen.

The text must be entered as a regular expression. Regular expressions are text patterns that are used for string matching. They contain a mix of plain text and special characters to indicate what kind of matching to do. If you are testing your regular expression in the wizard and it does not match any controls on the particular application screen, ActivIdentity SecureLogin prompts you to check your regular expression and ensure the correct control is selected. Special characters in your regular expression might need to be escaped. For further information about using regular expressions within ActivIdentity SecureLogin, see the ActivIdentity SecureLogin Single Sign-On Application Definition Guide.
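The following is an added example, not taken from the guide or from ActivIdentity, showing why escaping matters when a regular expression is used to identify one screen: pasted control text can fail to match its own screen, and a loose pattern can match screens it was never meant for. It assumes Python's re syntax purely for illustration (SecureLogin's own syntax is described in the Application Definition Guide and may differ), and the screen texts and function names are constructed.

```python
import re

# Constructed sample data: the visible text of one control on each screen
# that could be open on a workstation. None of it comes from the guide.
SCREENS = {
    "payroll_logon": "Payroll 2.0 - Log on (Production)",
    "payroll_test_logon": "Payroll 210 - Log on [Test]",
    "payroll_change_pw": "Payroll 2.0 - Change Password (Production)",
    "helpdesk_note": "Re: Payroll 2.0 - Log on (Production) is down",
}


def literal(text):
    """Escape every regex metacharacter so the text only matches itself."""
    return re.escape(text)


def matching_screens(pattern, screens=SCREENS, whole_text=False):
    """Return the sorted names of screens whose text the pattern matches.

    whole_text=True requires the pattern to cover the entire control text
    instead of matching anywhere inside it.
    """
    compiled = re.compile(pattern)
    match = compiled.fullmatch if whole_text else compiled.search
    return sorted(name for name, text in screens.items() if match(text))


def audit(pattern, intended, screens=SCREENS, whole_text=False):
    """Classify a candidate pattern for the intended screen.

    Returns (verdict, hits) where verdict is one of:
      "invalid"   - the pattern does not compile
      "no-match"  - the intended screen is not matched
      "ambiguous" - the intended screen and at least one other are matched
      "unique"    - only the intended screen is matched
    """
    try:
        hits = matching_screens(pattern, screens, whole_text)
    except re.error:
        return "invalid", []
    if intended not in hits:
        return "no-match", hits
    if len(hits) > 1:
        return "ambiguous", hits
    return "unique", hits


if __name__ == "__main__":
    target = SCREENS["payroll_logon"]
    candidates = [
        # "." and "(...)" are metacharacters, so the pasted text does not
        # match the very screen it was copied from.
        ("pasted text, unescaped", target, False),
        # An unbalanced parenthesis is not a valid pattern at all.
        ("truncated paste", "Log on (Production", False),
        # "." also matches "1", and the text occurs inside another window.
        ("short unescaped prefix", "Payroll 2.0 - Log on", False),
        # Escaped, but still found inside the longer help desk text.
        ("escaped, match anywhere", literal(target), False),
        # Escaped and required to cover the whole control text.
        ("escaped, whole text", literal(target), True),
    ]
    for label, pattern, whole in candidates:
        verdict, hits = audit(pattern, "payroll_logon", whole_text=whole)
        print(f"{label:26} {verdict:10} {hits}")
```

A pattern that comes back ambiguous would let the definition act on a screen it was not written for, so each pattern is worth checking against every screen the application and its neighbours can display.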


Chapter 3: Using the Application Definition Wizard


Chapter Contents
Opening the Application Definition Wizard
Wizard Default Selections
Predefined Application Definitions
Enabling Web Applications using Firefox
Enabling Oracle Forms Applications

This chapter describes how to open the Application Definition Wizard and provides general procedures for its use in greater detail, moving beyond using the default settings. The ability to create tailored application definitions is a powerful feature and the Application Definition Wizard makes it easy. At every stage of the process, you are able to choose more advanced options to make the application definition exactly match your requirements. A full description of every function of the wizard is available in Chapter 4, "Enabling Application Screens."

Opening the Application Definition Wizard


There are several ways to open the Application Definition Wizard. In most instances the wizard opens automatically when it detects a new logon screen. You can also choose to create or modify application definitions using the wizard to automate the handling of notification screens including prompts to change your password and error messages.

Auto-Detection
Auto-detection is often used by administrators to create a simplified logon procedure that allows users to single sign-on enable an application using ActivIdentity SecureLogin in just two clicks. If ActivIdentity SecureLogin automatically detects a logon dialog box, it asks you whether you want to single sign-on enable that application or Web site.

Citrix Applications
The wizard cannot detect Citrix published applications. Run the application on your workstation to create an application definition.


Notes
If a Windows application is already up and running before ActivIdentity SecureLogin starts, the wizard proposes to enable the application or directly run the script if the application is already defined.
Auto-detection applies only to logon forms. If you want to define other forms (such as notifications or change password), you need to start the wizard manually. See "Start the Wizard from the ActivIdentity SecureLogin Icon" on page 18.
The resulting application definition can be edited or tested using the wizard if you have been granted permissions. See "Testing Application Screens" on page 65 or "Modifying Application Definitions" on page 68 for further guidance on application definitions, and "Changing the Wizard Mode Preference" on page 75 to learn about permissions.
You can only define one application at a time with the wizard.

Either:
- Click Yes to have ActivIdentity SecureLogin automatically create an application definition using the default settings. An application definition is created to handle the user name and password fields and submit button automatically identified by the wizard. Follow the wizard instructions to enable the application for single sign-on. All the steps are pre-filled by the wizard's default selection and you can accept the definition as it is. If the dialog contains several controls that require your input, the wizard asks you to check the different steps to ensure that no action is forgotten in the definition. For further information, see "Wizard Default Selections" on page 19.
- Click No, not this time to cancel the use of the wizard this time. The next time ActivIdentity SecureLogin detects the application logon dialog box, you are prompted again.
- Click No, never prompt me to single sign this screen to stop ActivIdentity SecureLogin prompting to enable this application again.

Start the Wizard from the ActivIdentity SecureLogin Icon


The auto-detection dialog box does not display if the Application Definition Wizard or Management Utility is already open. To start the wizard manually:

1. Right-click on the ActivIdentity SecureLogin icon in the Windows notification area and select New Application to create a new application definition.

Editing Existing Definitions


You can also start the wizard by editing an existing definition. Right-click on the ActivIdentity SecureLogin icon and select Open. For further information, see Chapter 6, "Modifying Application Definitions," on page 68.

2. Drag and drop the Choose arrow to select the application for which you want to create a definition.


Alternatively, if a definition exists for this application but not for the specified form, you are asked if you want to single sign-on enable the screen you pointed to. Click Yes or No according to your requirements.

Start the Wizard from the Personal Management Utility


1. Open the Personal Management Utility.
2. Select an application and either:
- Click New.
- Right-click and select New.

Wizard Default Selections


If ActivIdentity SecureLogin detects a logon dialog box, it asks you whether you want to single sign-on enable that application or Web site.

1. Click Yes. ActivIdentity SecureLogin automatically creates an application definition.
If the logon form is simple enough (it does not contain too many controls that might require configuration), the wizard pre-populates the definition with its default selection. As a consequence, the different panels are already validated (ticked). You can accept the pre-selection and save the definition as it is, or you can review the default selection and modify the settings to personalize the definition.
If the logon form is complex, the wizard requires that you validate the definition, step by step, to ensure that no requirement is missed.


2. Validate the pre-selected configuration or modify the definition accordingly. Using the wizard allows you to review and confirm that the correct fields and buttons have been identified. You are prompted to enter your credentials.

3. Enter your logon credentials and click OK. ActivIdentity SecureLogin stores those credentials and automatically logs on to that application when it is opened in the future.

Note
Predefined application definitions cannot be edited with the Application Definition Wizard; they can only be edited manually.

Predefined Application Definitions


ActivIdentity SecureLogin comes with predefined application definitions for many commercial applications. When one of these applications is opened, ActivIdentity SecureLogin prompts you to single sign-on enable it and automatically uses the predefined application definition.


1. Click Yes. ActivIdentity SecureLogin applies the predefined definition. Instead of opening the wizard, you are automatically prompted to enter your credentials.

2. Enter your logon credentials and click OK. ActivIdentity SecureLogin stores those credentials and automatically logs on to that application when it is opened in the future.


For further information about the predefined application definitions (including the list of available definitions), see the ActivIdentity SecureLogin Single Sign-On Overview.

Note
Depending on how the application was created, a script created on Firefox might not work on Internet Explorer. You might need to create two application definitions.

Enabling Web Applications using Firefox


The Mozilla Firefox Authentication Required dialog box should not be single sign-on enabled using the wizard. If you wish to enable a web application using Firefox, simply select the Remember this login with ActivIdentity SecureLogin check box. ActivIdentity SecureLogin automatically creates and stores an application definition and the user is never prompted to enter their credentials again.

Enabling Oracle Forms Applications


If your Oracle Forms application is based on JRE 1.5 or higher, then the Application Definition Wizard will automatically detect the application, as it does for Java applications. If your Oracle Forms application is based on Jinitiator 1.3.1 or higher, then the Application Definition Wizard cannot automatically detect the application. Instead, it will create an application definition with the list of all controls detected in the application, that you can leverage by editing the definition script. For further information, see the ActivIdentity SecureLogin Single Sign-On Application Definition Guide (Appendix A).


Chapter 4: Enabling Application Screens


Chapter Contents
Managing Application Screens
Logon Screens
Logon Notifications
Change Password
Change Password Notifications
Other

This chapter contains a comprehensive description of the options in every attribute panel of the Application Definition Wizard.

Managing Application Screens


The application screen panels are grouped by functionality in the wizard.

Notifications Screens for Web Applications


For web pages (normal and java plug-in), the effectiveness of logon and change password notifications is limited. They might cause the application definition to fail.

Panels and controls are displayed progressively by the wizard, with advanced options only displayed if you choose to use them:
- "Logon Screens" on page 26
- "Logon Notifications" on page 44
- "Change Password" on page 49
- "Change Password Notifications" on page 57
- "Other" on page 61

Add a New Application Screen


To add a new screen or notification to the list, you can either:
- Use the New menu to select the type of item to add.
- Right-click on the form type and click New.
- Right-click on an existing form name and click New. You can also delete or rename a form using this method.

New screens or notifications are saved to the directory when you click Test, Apply or OK. The entry for the new screen or notification displays under the appropriate heading and you can begin working on it in the attribute panels on the right.

Rename an Application Screen


You can rename the entry by clicking on it a second time after selecting it (slowly clicking twice, not double-clicking) or right-clicking and clicking Rename.

Delete an Application Screen


You can delete an entry for a screen or notification from the list by selecting it and then clicking the cross button or right-clicking and selecting Delete.


There is no undo after deleting an entry. All details and attributes are removed. Also, if you click Cancel before you have finished a new application definition, all unsaved changes will be lost.

Incomplete Screens
New and incomplete screens and notifications are marked with a red exclamation point. Complete the application definition by working sequentially through the attribute panels on the right.

Logon Screens
In order to uniquely identify and handle logon screens, ActivIdentity SecureLogin needs to:
- Identify the logon screen of the application.
- Determine or define the credentials that will be used to log on to the application.
- Identify the fields that are used to enter the credentials.
- Identify how the logon screen is submitted.
- Determine whether you wish to use any optional settings such as re-authentication.
- Check that it can identify the screen uniquely; if necessary, further criteria can be defined.

The wizard works through these steps to develop an application definition.

Identify Screen
ActivIdentity SecureLogin needs to identify the logon screen of any application or web page that you want to enable. You can make or change the selection of a logon screen using the Identify screen panel.

Select the logon screen by dragging the Choose icon on to it, as described in "Selecting and Identifying Screens and Controls" on page 14. The title of the logon screen is displayed on the attribute panel. Clicking Show me highlights the identified logon screen.

Credential Source
You can choose which credentials ActivIdentity SecureLogin provides to an application on the Credential source panel.


You can only have one credential set for an application. Changes to credentials made on any application screen handled by the application definition are applied to all other screens of that application. If a second logon screen is enabled with different credentials from the first, those credentials will replace the originals.

If you select Yes, ActivIdentity SecureLogin creates a discrete set of credentials to enable this application or web page. The credential set is named after the application. If you select No. This application uses credentials from another source, you are presented with a choice of other credential sources.


One-Time Password for Web Applications


If One-Time Password is selected as the Credential source for a web application, only the synchronous mode is available. The challenge-response option is not displayed.

The options are:
- A one-time password from a smartcard. Select this option to use a one-time password from a smart card. If the authentication mode is asynchronous (challenge-response), ActivIdentity SecureLogin must read the challenge value from a field on that screen. Select This is a challenge-response token, then choose the field on the application or web page by dragging the Choose icon and clicking Show me, as described in "Selecting and Identifying Screens and Controls" on page 14.
- The user's network login credentials. Select this option to use the user's directory credentials to log on to this application or web page.
- Another ActivIdentity SecureLogin enabled application. Select this option to use the credentials of another SSO-enabled application by selecting the application from the list displayed in the wizard.
- ActivIdentity SecureLogin selects credentials based on a value identified on this screen. Where the logon information required by an application or a web page can be determined from the presence of a particular value on the logon screen, then that text can be specified here. Select the field using the procedure described under "Selecting and Identifying Screens and Controls" on page 14.

Regular expressions are supported in the text. To learn more about using regular expressions in ActivIdentity SecureLogin, see the ActivIdentity SecureLogin Single Sign-On Application Definition Guide. A simple example of a regular expression is:
Connecting to server (.*)

The (.*) specifies the value that must be captured to define the credentials, meaning you have one credential set for each regular expression value. The credential set is named after the regular expression value.
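The capture behaviour described above, as an added example that is not part of the guide or the product: it uses Python's re module as a stand-in (an assumption; SecureLogin's own regular-expression dialect and search semantics may differ) and constructed screen texts to show how the quoted pattern splits or merges credential sets. TIGHT_PATTERN and all function names are hypothetical and exist only for this illustration.

```python
import re

# Pattern quoted in the guide: group 1 becomes the credential-set name.
GUIDE_PATTERN = r"Connecting to server (.*)"

# Tighter variant (assumption, not from the guide): anchored at both ends and
# limited to one host-like token, so decorations never leak into the name.
TIGHT_PATTERN = r"^Connecting to server ([A-Za-z0-9][A-Za-z0-9.-]*)\s*$"

# Constructed screen texts, as a logon window might display them.
SCREENS = [
    "Connecting to server db01",
    "Connecting to server db01 ",               # trailing space
    "Connecting to server db01 (attempt 2)",    # retry counter appended
    "Connecting to server hr-app.example.test",
    "Status: Connecting to server db01",        # phrase embedded in a longer label
]


def credential_set_name(pattern, screen_text):
    """Return the captured value that would name the credential set, or None."""
    match = re.search(pattern, screen_text)
    return match.group(1) if match else None


def credential_sets(pattern, screens):
    """Group screen texts by the credential-set name the pattern yields."""
    sets = {}
    for text in screens:
        name = credential_set_name(pattern, text)
        if name is not None:
            sets.setdefault(name, []).append(text)
    return sets


def unmatched(pattern, screens):
    """Screen texts the pattern rejects (no credential set would be selected)."""
    return [t for t in screens if credential_set_name(pattern, t) is None]


if __name__ == "__main__":
    for label, pattern in (("guide", GUIDE_PATTERN), ("tight", TIGHT_PATTERN)):
        print(label)
        for name, texts in credential_sets(pattern, SCREENS).items():
            print(f"  set {name!r}: {len(texts)} screen(s)")
        print(f"  rejected: {unmatched(pattern, SCREENS)}")
```

With the quoted pattern, the same server produces three differently named credential sets, and a label that merely contains the phrase selects the db01 set. The anchored variant keeps one set per server and rejects the decorated and embedded texts.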

Identify Fields
You can review or change the selection of fields ActivIdentity SecureLogin uses to log on to an application or web page on the Identify fields panel.


If you select Yes, ActivIdentity SecureLogin uses the fields it has detected and selected by default and leads you to the next step.
If you select No. Let me select or review the logon fields, you can review and confirm the fields identified by the wizard. The name of each field identified is displayed. By default, ActivIdentity SecureLogin uses the field names as the prompts in its own dialog boxes, but you can edit these to be clearer or more user-friendly. If they have not been identified correctly, you can identify them manually by dragging the Choose icon onto the fields and clicking Show me, as described in "Selecting and Identifying Screens and Controls" on page 14.

Note
If the label text for the control is empty or incorrect:
- Click Show me to check that the selected control is correct.
- If Show me does not highlight the expected control, then update it using the drag and drop Choose icon or Navigate... option.
The selection using the Choose icon might not update the label if the application is built without ordering labels in accordance with controls. You can update the control label manually. This corresponds to the field's prompt that will be displayed to the user when prompting to enter the credentials.


Select Treat field as sensitive field to treat the user name field like a password field and disguise the characters entered with asterisks. This is optional for the user name but set and fixed for the password. Select Navigate to field using keystrokes if you are having difficulty identifying the correct field using other methods.

Single Field Logon Screens


If the form contains only one field (for example, password but no username), then clear the Navigate to field using keystrokes option that corresponds to the username field.

Click Record, select the logon screen when prompted by the dialog box, and navigate to the relevant field before closing the dialog box to record your keystrokes, as described in "Selecting and Identifying Screens and Controls" on page 14. ActivIdentity SecureLogin prompts you to use Navigate to field using keystrokes if it cannot identify the fields on the logon screen.

Primary Controls
When the wizard retrieves default controls, such as username and password, the controls are described as primary controls on the top of the Identify fields pane. These controls are also listed with all the other controls in the All fields section of this pane and are selected by default. If you set the control definitions for these primary controls using the All fields section, the top part of the pane is also updated accordingly. If these controls are selected by default in the top part of the page and you change them by using the Navigate to field using keystrokes option, the username and password sections are grayed out. To make them available again, you must clear the Navigate option and then manually select them with the Choose icon.

All Fields
1. Click on the All fields expander to show other fields that were detected by the wizard on this screen. Each control is listed by type and name (if known).
2. Select each field you would like ActivIdentity SecureLogin to use in managing the logon for this application, then specify the actions ActivIdentity SecureLogin should undertake with the field.

Edit Box
If a text box is detected, you can use the Action drop-down list to configure ActivIdentity SecureLogin to:
- Ask the user to enter a value into field.
- Use the value selected below for all users.

If you select Ask the user to enter a value into field, you need to specify a User-Friendly Name and the text used to Prompt users to enter a value.


Note
If you select Remember first value entered, ActivIdentity SecureLogin saves the first value entered in this field by the user and automatically enters it on all subsequent logons.

The User-Friendly Name is also used as the variable name in the ActivIdentity SecureLogin Personal Management Utility. Select Treat field as sensitive field to treat the user name field like a password field and disguise the characters entered with asterisks. If you select Use the value selected below for all users, you must type the text ActivIdentity SecureLogin should enter.

Check Box
If a check box is detected, you must use the action Use the value selected below for all users to select whether the check box is checked or not.

Combo Box
If a drop-down list box or any other kind of combination box is detected, you can use the Action drop-down list to configure ActivIdentity SecureLogin to:
- Use the value selected below for all users.
- Ask the user to select from the list that the application presents.

If you select Use the value selected below for all users, you must specify the option ActivIdentity SecureLogin should select. The Values detected in the list box drop-down list contains the values ActivIdentity SecureLogin has retrieved from the application combo box.


This is the only option available for combo boxes in web applications.

If you select User is to select from the list the application presents, you need to specify a name for the value and the text used to Prompt users to make the choice. This option is not available for web applications.

Note
Select Treat field as sensitive field to treat the value of the variable defined by the user-friendly name like a password field and disguise the characters entered with asterisks within the ActivIdentity SecureLogin Personal Management Utility.

If you select Remember the value the user selects and do not prompt again, ActivIdentity SecureLogin stores and automatically enters this value into this screen in the future.


Radio Buttons
If a radio button is detected, you must use the action Use the value selected below for all users to select whether the radio button is selected or not.

Submit Options
Use these options to tell ActivIdentity SecureLogin how to submit the logon screen.

If you select Yes, you must specify what action ActivIdentity SecureLogin should take, either clicking a button or typing certain keystrokes, as described in "Selecting and Identifying Screens and Controls" on page 14. If you select No. User submits the screen, ActivIdentity SecureLogin does nothing and the user must submit the logon screen manually.


Note
If the label text for the control is empty or incorrect:
- Press Show me to check that the selected control is correct.
- If Show me does not highlight the expected control, then update it using the drag and drop Choose icon or Navigate... option.
The selection using the Choose icon might not update the label if the application is built without ordering labels in accordance with controls.

Using Keystrokes
If you are using keystrokes to define the Submit option, the application will submit and close if no credentials are provided. Re-open the application in order to complete the application definition with the wizard.

Enable Action When User Cancels to Enter Their Credentials
If you select Enable action when user cancels to enter their credentials, users can be forced to store their credentials for this application or web page in ActivIdentity SecureLogin. If selected, you also need to define the action ActivIdentity SecureLogin takes when a user is prompted to save their credentials but chooses Cancel on the dialog box. By default, ActivIdentity SecureLogin cancels the logon screen. To define an alternative action, you can select Click this button that you have identified by dragging the Choose icon and clicking Show me, or you can Type the following keystrokes by clicking Record and recording your keystrokes, as described in "Selecting and Identifying Screens and Controls" on page 14.


For web applications, you also have a third option, Re-direct the user to this website. An edit box is displayed for you to enter the URL where the user is redirected.

If not selected, users can close the ActivIdentity SecureLogin dialog box and log on to the application manually.

Re-authentication
You can choose whether ActivIdentity SecureLogin prompts users to reauthenticate (with their network credentials or authentication device) before using an application's credentials. This second strong authentication can provide an extra layer of security around certain applications.

If you select No, ActivIdentity SecureLogin will not re-authenticate users before supplying credentials to the application or web page. If you select Yes. Enforce re-authentication before accessing this application, you must specify which credentials ActivIdentity SecureLogin should use to re-authenticate the user's identity.


You can select the method ActivIdentity SecureLogin should use to reauthenticate from the drop-down list:

Use same credentials as network logon
Password: The network password. (Only available in Active Directory and ADAM/AD LDS modes.)
Smart card: A smart card that ActivIdentity SecureLogin checks as belonging to the user after the PIN has been checked.

Smart Card Re-Authentication
The smart card re-authentication option is only available if smart card support is installed.

If you enable re-authentication, you also need to define the action ActivIdentity SecureLogin takes when a user is prompted for re-authentication but chooses Cancel on the re-authentication dialog box. ActivIdentity SecureLogin can:
- Click this button. Choose a button on the application or web page that ActivIdentity SecureLogin should press when a user clicks Cancel on ActivIdentity SecureLogin's re-authentication dialog box. By default, ActivIdentity SecureLogin cancels the logon screen. You can choose and highlight the button by dragging the Choose icon and clicking Show me, as described in "Selecting and Identifying Screens and Controls" on page 14.
- Type the following keystrokes. Define commands or keystrokes ActivIdentity SecureLogin enters when a user presses Cancel on the re-authentication dialog box. Click Record to begin recording keystrokes. The wizard minimizes and a small dialog box displays a record of your keystrokes. Click Stop to end the recording and return to the wizard. If you need to change the keystrokes recorded, click Record again to make a new recording.

Important
You cannot record the following keystrokes, which are reserved by Windows:
- CTRL+ESC, posts a journal quit message
- CTRL+ALT+DEL, posts a journal quit message
- CTRL+BREAK, part of the journal quit code
- CTRL+SHIFT+ESC, not recorded.

If you choose re-authentication in the logon form, ActivIdentity SecureLogin only applies re-authentication to the logon. For web applications, you also have a third option, Re-direct the user to this website. An edit box is displayed for you to enter the URL where the user is redirected.

Note
Matching criteria are for the use of experienced users and administrators.

Matching Criteria
ActivIdentity SecureLogin must identify each application screen or web page uniquely to successfully run an application definition. If ActivIdentity SecureLogin cannot uniquely identify a particular application screen or web page, you can customize matching criteria to assist ActivIdentity SecureLogin.

If you select Yes, ActivIdentity SecureLogin uses the rules defined in previous attribute panels to identify and handle an application screen. If you select No. I want to customize rules, the rules already defined are listed. You can add, modify, or remove rules. Your matching criteria must include at least one rule. You can check a rule by selecting it in the list and clicking Show me to confirm which control it corresponds to.


You can add a new rule by selecting the <Add a new rule> option and using the Choose icon on a specific control and clicking Show me to confirm that ActivIdentity SecureLogin has identified the correct control, as described in "Selecting and Identifying Screens and Controls" on page 14, and then clicking Add. You can modify a rule for a control by selecting the rule and editing the matching rules for that specific control. The matching rules are:
- ActivIdentity SecureLogin is to match the value displayed. ActivIdentity SecureLogin only matches screens that exactly match the displayed text and other rules identified.
- ActivIdentity SecureLogin is to match a specific part of the identified control. You must use a regular expression to define the screen features to match.


Click Test Match to check that your regular expression is correct.

Remove Option
The Remove option is only available if the rule you want to remove is not linked to a previous panel definition. For example, you cannot remove the rule associated to the logon button presence as this button is defined in the submit option.

If your regular expression does not match any controls on the particular application screen, ActivIdentity SecureLogin prompts you to check your regular expression and ensure the correct control is selected. Special characters in your regular expression might need to be prefixed by \. For further information about regular expressions, see the ActivIdentity SecureLogin Single Sign-On Application Definition Guide. You can delete a rule by selecting it in the list and clicking Remove. After making changes, you can check that all the matching rules are still valid by dragging the Choose icon on to the logon screen again. You can use this test even if you have not customized rules.
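The escaping rule above, as an added example that is not part of the guide or the product: Python's re module stands in for the wizard's Test Match (an assumption; SecureLogin's regular-expression dialect may differ), and the window texts are constructed. It shows a screen title typed as a pattern without escaping failing on its own screen while matching a differently titled one; matching_controls, literal_rule and rule_is_unique are hypothetical helper names.

```python
import re

# Constructed control texts for the intended logon screen and for a different
# window whose title is similar but not identical.
LOGON_SCREEN = {"title": "Payroll 6.2 (Production) - Log On", "button": "OK"}
OTHER_SCREEN = {"title": "Payroll 672 Production - Log On", "button": "OK"}

# The title typed into the rule as-is: "." and "(...)" are read as regex syntax.
NAIVE_RULE = "Payroll 6.2 (Production) - Log On"
# The same rule with the special characters prefixed by "\" as the guide
# advises, plus ^...$ anchors (the anchors are an addition in this example).
ESCAPED_RULE = r"^Payroll 6\.2 \(Production\) - Log On$"


def literal_rule(displayed_text):
    """Build an anchored pattern that matches the displayed text and nothing else."""
    return "^" + re.escape(displayed_text) + "$"


def matching_controls(pattern, controls):
    """Return the names of controls whose text the pattern matches.

    Stand-in for a Test Match run against one screen. Raises ValueError for a
    pattern that does not compile, e.g. an unescaped "(" with no closing ")".
    """
    try:
        compiled = re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid pattern {pattern!r}: {exc}") from exc
    return [name for name, text in controls.items() if compiled.search(text)]


def rule_is_unique(pattern, intended, others):
    """True when the rule matches the intended screen and none of the others."""
    return bool(matching_controls(pattern, intended)) and not any(
        matching_controls(pattern, other) for other in others
    )


if __name__ == "__main__":
    for label, rule in (("naive", NAIVE_RULE), ("escaped", ESCAPED_RULE)):
        print(label,
              "intended:", matching_controls(rule, LOGON_SCREEN),
              "other:", matching_controls(rule, OTHER_SCREEN),
              "unique:", rule_is_unique(rule, LOGON_SCREEN, [OTHER_SCREEN]))
```

Running each candidate rule against screens it must not match, as well as the one it must, catches the unescaped case before the definition is saved.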

Logon Notifications
A logon notification is a message that the application might present after ActivIdentity SecureLogin has submitted credentials to notify you about the result of that action. An example is an error message stating that an incorrect password has been entered. You can define how ActivIdentity SecureLogin handles logon notifications in your application definition.

Note
A logon notification cannot be created if a logon form is not defined.

To handle logon notifications, ActivIdentity SecureLogin needs to:

- Identify the logon notification screen.
- Determine how to handle the notification.
- Present credentials to the user for updating when required.
- Identify how the logon screen is submitted.
- Check that it can identify the screen uniquely, if necessary by defining further criteria.

Identify Screen
ActivIdentity SecureLogin needs to identify the logon notification screen for this application. You can make or change the selection of a logon notification screen using the Identify screen panel by dragging the Choose icon to it, as described in "Identify Screen" on page 27 when discussing logon screens.

Notification Handling
You must specify how ActivIdentity SecureLogin should respond when a logon notification screen is displayed.

- Click Yes to prompt the user to enter all their credentials again. ActivIdentity SecureLogin prompts with the notification from the application.
- Click No. Let me select the appropriate credentials to select which credentials to display to the user for updating and enter a customized prompt or error message for users.

Web Application Logon Errors


For web applications, if the error is included and displayed on the logon page, it might be difficult to create a logon notification as the screen identification criteria will be very similar to the ones for the logon page. To cater for this configuration, ActivIdentity SecureLogin detects that the same web page is displayed in a very short time frame and interprets it as a logon notification error. You will automatically be prompted to reenter your credentials.

If you select this option, you must type, in the Notification prompt text box, the prompt or message that you want displayed in place of the notification from the application. You must also highlight which Credentials the user will be asked to update. The new credentials the user enters will be used to update ActivIdentity SecureLogin's credential set for this application. If you select Enable action when user cancels to enter their credentials, you must specify what action ActivIdentity SecureLogin should take if the user cancels the ActivIdentity SecureLogin prompt. The default action is for ActivIdentity SecureLogin to cancel. Alternatively, you can choose either to click a button or type certain keystrokes, as described in "Selecting and Identifying Screens and Controls" on page 14.

For web applications, you also have a third option, Re-direct the user to this website. An edit box is displayed for you to enter the URL to which the user is re-directed.

Submit Options
Use these options to tell ActivIdentity SecureLogin how to submit the logon notification screen, as described in "Submit Options" on page 36 when discussing logon screens.

Matching Criteria
If ActivIdentity SecureLogin cannot uniquely identify a particular logon notification screen automatically, you can customize matching criteria, as described in "Matching Criteria" on page 40 when discussing logon screens.

If you select No. I want to customize rules, you can use regular expressions to identify nearly identical dialog boxes, such as those counting down the number of incorrect password attempts before locking an account. For example: When the original logon notification message is:

A regular expression is defined so that the logon notification matches when the displayed message is modified to "Invalid username and/or password. 1 attempt until your account is locked."

The corresponding matching rule is then:

- ActivIdentity SecureLogin is to match specific part of the identified control.
- The Match text is "Invalid username and/or password\.*"
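The two matching modes above, run against constructed countdown messages and unrelated text so that both missed notifications and false positives show up. This is an added example, not part of the ActivIdentity guide: Python's `re` module stands in for SecureLogin's regular-expression engine (its dialect is not documented on this page), and the function names, the sample texts other than the quoted "1 attempt" message, and `STRICT_PATTERN` are assumptions.

```python
import re

# Match text quoted in the guide's example rule. "\.*" means "zero or more
# literal periods", so the rule only works as a partial (substring) match.
GUIDE_PATTERN = r"Invalid username and/or password\.*"

# Hypothetical tighter rule (not from the guide): anchored to the whole control
# text, with the remaining-attempts counter captured.
STRICT_PATTERN = (r"^Invalid username and/or password\. "
                  r"(\d+) attempts? until your account is locked\.$")

# Constructed control texts. Only the "1 attempt" wording is quoted in the guide.
NOTIFICATIONS = [
    "Invalid username and/or password. 3 attempts until your account is locked.",
    "Invalid username and/or password. 2 attempts until your account is locked.",
    "Invalid username and/or password. 1 attempt until your account is locked.",
]
UNRELATED = [
    "Help: the text 'Invalid username and/or password' means the logon failed.",
    "Your password expires in 3 days.",
]


def match_value_displayed(rule_text, control_text):
    """'Match the value displayed': the control text must equal the rule text."""
    return control_text == rule_text


def match_specific_part(pattern, control_text):
    """'Match specific part of the identified control': regex found anywhere."""
    return re.search(pattern, control_text) is not None


def audit_rule(pattern, should_match=NOTIFICATIONS, should_not_match=UNRELATED):
    """Return (missed notifications, false positives) for a candidate rule."""
    missed = [t for t in should_match if not match_specific_part(pattern, t)]
    false_positives = [t for t in should_not_match if match_specific_part(pattern, t)]
    return missed, false_positives


def remaining_attempts(control_text):
    """Counter from a countdown notification, or None if the text is not one."""
    found = re.search(STRICT_PATTERN, control_text)
    return int(found.group(1)) if found else None


def literal_rule(text):
    """Prefix regex special characters with a backslash, as the guide advises."""
    return re.escape(text)


if __name__ == "__main__":
    # An exact-value rule recorded from the first message misses the later ones.
    print("exact rule matches '1 attempt' text:",
          match_value_displayed(NOTIFICATIONS[0], NOTIFICATIONS[2]))
    for name, pattern in (("guide", GUIDE_PATTERN), ("strict", STRICT_PATTERN)):
        missed, false_positives = audit_rule(pattern)
        print(f"{name}: missed={missed} false_positives={false_positives}")
    # An unescaped "." matches any character, so the rule is wider than it looks.
    print("unescaped:", match_specific_part("password. 1 attempt", "passwordX 1 attempt"))
    print("escaped:  ", match_specific_part(literal_rule("password. 1 attempt"),
                                            "passwordX 1 attempt"))
```

Running a candidate rule over text that must not match is the part Test Match does not cover on its own, since that check runs against the one selected control.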

Change Password
Application definitions can also include instructions for changing passwords for an application. ActivIdentity SecureLogin can automatically generate new passwords that match your password policies or you can allow users to select passwords. You can also customize the change password prompts that are displayed to users.

Note
If Change Password attributes have been set but not Change Password Notification attributes, then after you change your password ActivIdentity SecureLogin asks you Has the password been successfully changed? before updating the credential set with your new password if it has been changed successfully.

To change passwords, ActivIdentity SecureLogin needs to:

- Identify the change password screen.
- Identify the fields that are used to enter a new password.
- Determine whether the user or ActivIdentity SecureLogin generates the new password, and whether there is a password policy.
- Identify how the change password screen is submitted.
- Check that it can identify the change password screen uniquely, if necessary by defining further criteria.

Identify Screen
ActivIdentity SecureLogin needs to identify the change password screen for this application. You can make or change the selection of a change password screen using the Identify screen panel by dragging the Choose icon on to the screen, as described in "Identify Screen" on page 27 when discussing logon screens.

Identify Fields
You can make or change the selection of fields ActivIdentity SecureLogin uses when changing a password on the Identify fields panel.

Note
If the label text for the control is empty or incorrect:

- Press Show me to check that the selected control is correct.
- If Show me does not highlight the expected control, then update it using the drag and drop Choose or Navigate... option icon.

The selection using the Choose icon might not update the label if the application is built without ordering labels in accordance with controls.

If you select Yes, ActivIdentity SecureLogin uses the fields it has detected and selected by default and leads you to the next step. If you select No. Let me select or review the change password fields, you can review and confirm the fields identified by the wizard, or identify fields manually if the wizard did not detect them correctly, by dragging the Choose icon and clicking Show me, as described in "Selecting and Identifying Screens and Controls" on page 14. There might be one or more password fields depending on the application.

Note
The fields displayed in the summary are also displayed in the "all fields" section and can be updated there. If your screen contains only two fields (or two password fields) then the only actions available are:

- Type existing password
- Type new proposed password

You can also Navigate to field using keystrokes if you are having difficulty identifying the correct field using other methods.

Click Record, select the change password screen when prompted by the dialog box, and navigate to the relevant field before closing the dialog box to record your keystrokes, as described in "Selecting and Identifying Screens and Controls" on page 14. Under all fields, you can also configure additional fields you would like to handle in this screen. For further information on how to handle the different control types, see "Identify Fields" on page 30.

Password Generation
ActivIdentity SecureLogin can automatically generate new passwords or you can allow users to enter passwords.

Note
If a password policy has not been defined, ActivIdentity SecureLogin generates a random password eight characters long.

- Click Yes to have ActivIdentity SecureLogin generate new passwords when required.
- Click No. User chooses a new password to have ActivIdentity SecureLogin prompt users for a new password when required. If selected, you must also enter a customized Prompt message for users.

Password Policy
ActivIdentity SecureLogin can apply a password policy to new passwords. You can select an existing ActivIdentity SecureLogin password policy or create a new policy.

- Click No to allow any password, whether generated by the user or ActivIdentity SecureLogin. ActivIdentity SecureLogin does not perform any validation of the password that has been entered against any policy.
- Click Yes. Let me specify the password rules to choose or create a password policy. All new passwords for that application submitted through ActivIdentity SecureLogin, whether generated by the user or ActivIdentity SecureLogin, are first validated by ActivIdentity SecureLogin against the policy.

The drop-down list displays all password policies detected for the current user. Select an existing password policy or type a name in the combination box to begin creating a new policy.

An ActivIdentity SecureLogin password policy can have any combination of these rules:

- Minimum length
- Maximum length
- Minimum punctuation characters
- Maximum punctuation characters
- Minimum uppercase characters
- Maximum uppercase characters
- Minimum lowercase characters
- Maximum lowercase characters
- Minimum numeric characters
- Maximum numeric characters
- Disallow repeated characters
- Disallow duplicate characters
- Disallow sequential characters
- Begin with an uppercase character
- End with an uppercase character
- Prohibited characters
- Begin with any alpha character
- Begin with any number
- Begin with any symbol
- End with any alpha character
- End with any number
- End with any symbol

These options are explained further in the ActivIdentity SecureLogin Single Sign-On Administration Guide. You must use the ActivIdentity SecureLogin Management Utility to revise password policies, as described in the ActivIdentity SecureLogin Single Sign-On Administration Guide. You cannot edit or delete password policies through the wizard. Select Enforce password history to stop users re-using a certain number of previous passwords.
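A policy check and a policy-driven generator for a subset of the rules listed above, showing how minimum and maximum rules can be validated together and how a contradictory policy is caught before it blocks every password change. This is an added example, not ActivIdentity's implementation: the `Policy` field names, the character set, and the reading of "repeated" (same character twice in a row), "duplicate" (same character twice anywhere) and "sequential" (runs such as abc or 123) are assumptions; the product's definitions are in the Administration Guide.

```python
import secrets
import string
from dataclasses import dataclass
from typing import Optional


@dataclass
class Policy:
    """Subset of the guide's rule list; field names are hypothetical."""
    min_length: int = 8           # defaults model the guide's no-policy case:
    max_length: int = 8           # a random password eight characters long
    min_upper: int = 0
    min_lower: int = 0
    min_numeric: int = 0
    min_punct: int = 0
    max_punct: Optional[int] = None
    no_repeated: bool = False     # assumed: same character twice in a row
    no_duplicate: bool = False    # assumed: same character twice anywhere
    no_sequential: bool = False   # assumed: three ascending neighbours (abc, 123)
    prohibited: str = ""
    begin_with_alpha: bool = False


def violations(policy, pw):
    """Return the names of the rules that pw breaks (empty list = compliant)."""
    found = []
    if len(pw) < policy.min_length:
        found.append("minimum length")
    if len(pw) > policy.max_length:
        found.append("maximum length")
    counts = {
        "uppercase": sum(c in string.ascii_uppercase for c in pw),
        "lowercase": sum(c in string.ascii_lowercase for c in pw),
        "numeric": sum(c in string.digits for c in pw),
        "punctuation": sum(c in string.punctuation for c in pw),
    }
    minimums = {"uppercase": policy.min_upper, "lowercase": policy.min_lower,
                "numeric": policy.min_numeric, "punctuation": policy.min_punct}
    for name, minimum in minimums.items():
        if counts[name] < minimum:
            found.append(f"minimum {name} characters")
    if policy.max_punct is not None and counts["punctuation"] > policy.max_punct:
        found.append("maximum punctuation characters")
    if policy.no_repeated and any(a == b for a, b in zip(pw, pw[1:])):
        found.append("repeated characters")
    if policy.no_duplicate and len(set(pw)) != len(pw):
        found.append("duplicate characters")
    if policy.no_sequential and any(
        a.isalnum() and c.isalnum() and ord(b) - ord(a) == 1 and ord(c) - ord(b) == 1
        for a, b, c in zip(pw, pw[1:], pw[2:])
    ):
        found.append("sequential characters")
    if any(c in policy.prohibited for c in pw):
        found.append("prohibited characters")
    if policy.begin_with_alpha and not pw[:1].isalpha():
        found.append("begin with any alpha character")
    return found


def generate(policy, max_tries=10000):
    """Draw candidates from the OS CSPRNG and return the first compliant one.

    Rejection sampling keeps every compliant password of the chosen length
    equally likely, unlike approaches that patch up a failing candidate.
    """
    required = (policy.min_upper + policy.min_lower
                + policy.min_numeric + policy.min_punct)
    alphabet = [c for c in string.ascii_letters + string.digits + string.punctuation
                if c not in policy.prohibited]
    if (not alphabet or policy.min_length > policy.max_length
            or required > policy.max_length):
        raise ValueError("policy rules contradict each other")
    span = policy.max_length - policy.min_length + 1
    for _ in range(max_tries):
        length = policy.min_length + secrets.randbelow(span)
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(policy, candidate):
            return candidate
    raise ValueError("no compliant password found; policy is too restrictive")


if __name__ == "__main__":
    strict = Policy(min_length=12, max_length=12, min_upper=1, min_lower=1,
                    min_numeric=1, min_punct=1, no_repeated=True,
                    no_sequential=True, prohibited="'\"\\", begin_with_alpha=True)
    print(violations(strict, "Abc123!!xyzQ"))
    print(len(generate(strict)), len(generate(Policy())))
```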

Submit Options
Use these options to tell ActivIdentity SecureLogin how to submit the change password screen, as described in "Submit Options" on page 36 when discussing logon screens.

Matching Criteria
If ActivIdentity SecureLogin cannot uniquely identify a particular change password screen automatically, you can customize matching criteria, as described in "Matching Criteria" on page 40 when discussing logon screens.

Change Password Notifications
A Change Password Notification is a message that the application might present after ActivIdentity SecureLogin has submitted the new password. This might be a confirmation or error message.

Note
A Change Password Notification cannot be created if a change password form is not defined.

This notification is important for ActivIdentity SecureLogin to know whether the password has been changed successfully as it needs to update its credentials for that application when they are updated. If no change password notification is defined, then ActivIdentity SecureLogin prompts the user after changing a password to ensure it has been successful. Several notifications can be defined for an application.

To handle change password notifications, ActivIdentity SecureLogin needs to:

- Identify the change password notification screen.
- Determine how the change password notification screen is dismissed.
- Check that it can identify the change password screen uniquely, if necessary by defining further criteria.

Identify Screen
ActivIdentity SecureLogin needs to identify the change password notification screen for this application. You can make or change the selection of a change password screen using the Identify screen panel by dragging the Choose icon on to the screen and clicking Show me, as described in "Selecting and Identifying Screens and Controls" on page 14.

Note
ActivIdentity SecureLogin updates the credentials for this application as soon as it has confirmed that the password has been changed successfully, whether automatically or by asking the user.

If you select This window is a change password successful notification, the next attribute panel asks you to define Submit options. If it is not selected, the next attribute panel asks you to define rules for Notification handling.

Submit Options
Use these options to tell ActivIdentity SecureLogin what to do when the change password notification is displayed.

Note
If the label text for the control is empty or incorrect, press Show me to check that the selected control is correct. The selection using the Choose icon might not update the label if the application is built without ordering labels in accordance with controls.

Click Yes and then define what action ActivIdentity SecureLogin should take to automatically submit the screen. You can choose to click a button or record keystrokes, as described in "Selecting and Identifying Screens and Controls" on page 14.

Click No. User submits the screen to allow users to handle any change password notification screens.

Notification Handling
If a change password notification screen is not confirming that the password was changed successfully, you must define how ActivIdentity SecureLogin should handle the notification.

If you select Yes, you must define the actions ActivIdentity SecureLogin takes and enter a customized message that is displayed to the user after the change password notification screen is dismissed. You can choose to click a button or record keystrokes, as described in "Selecting and Identifying Screens and Controls" on page 14.

If you select No. User dismisses the notification, ActivIdentity SecureLogin displays the notification from the application and leaves it to the user to action.

Matching Criteria
If ActivIdentity SecureLogin cannot uniquely identify a particular change password notification screen automatically, you can customize matching criteria, as described in "Matching Criteria" on page 40 when discussing logon screens.

Other
Use Other to define how the application definition handles any other application screens, such as splash screens, automating menu navigation, or redirecting users to a web site.

To handle other screens, ActivIdentity SecureLogin needs to:

- Identify the other screen.
- Identify the fields in that screen that must be handled by ActivIdentity SecureLogin.
- Identify how the other screen is submitted.
- Check that it can identify the other screen uniquely, if necessary by defining further criteria.

Identify Screen
ActivIdentity SecureLogin needs to identify the other screen for this application. You can make or change the selection of an other screen using the Identify screen panel by dragging the Choose icon on to the screen, as described in "Identify Screen" on page 27 when discussing logon screens.

Identify Fields
You can confirm or change the selection of fields ActivIdentity SecureLogin uses for other screens on the Identify fields panel.

By default, ActivIdentity SecureLogin does not select any fields on other screens. Everything has to be defined by the user. If the selected screen does not contain any controls, then this attribute panel is automatically ticked and users are taken to the Submit options. If you select No, then you are moved to the Submit options attribute panel. ActivIdentity SecureLogin takes no action.

If you select Yes. Let me select and configure the fields, then you must identify the controls you want ActivIdentity SecureLogin to handle and the actions it should take.

Note
If the label text for the control is empty or incorrect, press Show me to check that the selected control is correct. The selection using the Choose icon might not update the label if the application is built without ordering labels in accordance with controls.

The actions that can be taken depend on the control types that are identified. The controls and actions are as described in "Identify Fields" on page 30 when discussing logon screens.

Submit Options
Use these options to tell ActivIdentity SecureLogin how to submit the other screen, as described in "Submit Options" on page 36 when discussing logon screens.

Matching Criteria
If ActivIdentity SecureLogin cannot uniquely identify an other screen automatically, you can customize matching criteria, as described in "Matching Criteria" on page 40 when discussing logon screens.

Chapter 5: Testing Application Screens


You can test an application definition after completing all the relevant attribute panels (all ticked) for the application screen you want ActivIdentity SecureLogin to handle.

1. Click Test to open the Testing Application Definition Console. Note: When you click Test, OK, or Apply, your data is synchronized and saved to the directory. Only saved application definitions can be tested.

2. Close and re-open the application screen associated with the application definition you are testing. As ActivIdentity SecureLogin works through the application definition for that application, the Testing Application Definition Console displays a log of the:
   - Steps ActivIdentity SecureLogin has taken to match the application you have started with the application definition.
   - If matched, the message Successfully matched.
   - The credentials that are typed into the form and actions that are taken, as defined in the application definition.

The log can be used to review or troubleshoot the application definition; contact ActivIdentity Support if necessary for assistance. Click Clear to clear the log and continue testing. Click Cancel to close the Testing Application Definition Console and return to the Application Definition Wizard.

You can test any application definition developed with the Application Definition Wizard. You cannot test application definitions you have developed manually or with earlier wizards.

Chapter 6: Modifying Application Definitions


You can edit application definitions you have created or been granted permissions to using the Application Definition Wizard. You can add or change options, or add other screens and notifications generated by an application to its application definition. Predefined application definitions cannot be edited with the Application Definition Wizard; they can only be edited manually. To learn more about manually editing application definitions, see the ActivIdentity SecureLogin Single Sign-On Application Definition Guide.

There are several ways you can open an existing application definition or begin defining rules to add another application screen to an existing application definition.

You can right-click on the ActivIdentity SecureLogin icon in the Windows notification area and select New Application, then drag the Choose icon to an application screen that you want ActivIdentity SecureLogin to handle as part of the existing application definition.

If you have already created an application definition to handle that application screen, ActivIdentity SecureLogin asks Do you want to edit the existing application definition?

- Click Yes to edit the existing definition using the wizard.
- Click No to cancel editing and continue using the existing definition.

You can right-click on the ActivIdentity SecureLogin icon in the Windows notification area and select Open.

a. When the ActivIdentity SecureLogin Personal Management Utility opens, navigate to the application whose application definition you wish to modify by expanding the menus on the left.

b. Click on the Definition tab on the right.

c. Either:
   - Double-click on an application screen name, or select it and click Edit Wizard to review or modify the options you have selected for handling that application screen.
   - Double-click on another application screen type to add rules for handling another screen from that application to the application definition.

d. When the Application Definition Wizard opens, work through the attribute panels to either review and modify the existing rules for handling an application screen, or to define rules for handling another screen from that application. If your modifications prevent ActivIdentity SecureLogin from identifying a screen or control or you introduce contradictory rules, the tick adjacent to the attribute panel title disappears and the application screen is marked as incomplete on the left. You should correct the application definition before saving it.

Note
When you click Test, OK, or Apply, your data is synchronized and saved to the directory.

You can Test an application definition after completing all the relevant attribute panels for the application screen you want ActivIdentity SecureLogin to handle, as described in Chapter 5, "Testing Application Screens," on page 65. When you are finished, click OK to save your changes or Cancel.

Chapter 7: Wizard Mode Preference


Chapter Contents
75 Changing the Wizard Mode Preference

The Application Definition Wizard is installed as part of ActivIdentity SecureLogin Single Sign-On version 6.2 and later, and access to it is enabled by default. Access to the Application Definition Wizard is controlled by the ActivIdentity SecureLogin Wizard mode preference.

Notes
- The Allow user to modify application definitions preference has precedence over the Wizard mode preference. If users are not allowed to modify application definitions, the wizard preference has no effect.
- ActivIdentity recommends that access to the Application Definition Wizard is restricted to administrators.
- The Wizard mode preference is not available in Stand-Alone mode.

The Wizard mode preference has three settings:

- Administrator, the default setting. This setting allows users full access to the Application Definition Wizard to create and edit their own application definitions.
- User. Users are only allowed to create new logon credential sets for new applications using the auto-detection settings, as described in "AutoDetection" on page 17. Specifically, at the prompt Do you want to single sign-on enable this screen?, the option Yes does not open the wizard but automatically creates an application definition with either the default selection made by the wizard or the predefined application definition. Also, in the ActivIdentity SecureLogin Personal Management Utility, the Edit Wizard button is disabled, and the New Application command is not available from the ActivIdentity SecureLogin icon menu in the Windows notification area.
- Disabled. This disables the launching of the wizard. The following prompts are disabled:
  - All automatic prompts to single sign-on enable an application.
  - The Edit Wizard button in the ActivIdentity SecureLogin Personal Management Utility.
  - The New Application option normally accessed by right-clicking the ActivIdentity SecureLogin icon in the Windows notification area.

Changing the Wizard Mode Preference


1. To access the Preferences properties, open the Administrative Management Utility through either the:
   - Active Directory Users and Computers snap-in.
   - Windows Start menu. Point to All Programs, point to ActivIdentity, point to SecureLogin, and then click ActivIdentity SecureLogin Manager.

   The Administrative Management Utility is displayed.

2. Navigate to Preferences, click General, scroll to the Wizard mode preference and select the desired option.

3. Click OK to save your preferences or Cancel.

Chapter 8: Deploying Application Definitions


When the Application Definition Wizard is used to create an application definition, that definition is stored in the creator's user object in the directory. ActivIdentity recommends that access to the Application Definition Wizard is restricted to administrators. Administrators can create and test application definitions using a test account before copying them for general distribution. For information about deploying and distributing application definitions, see the ActivIdentity SecureLogin Single Sign-On Administration Guide. For information about manually editing and creating application definitions, see the ActivIdentity SecureLogin Single Sign-On Application Definition Guide.

Chapter 9: Compatibility with Other Versions of ActivIdentity SecureLogin


Chapter Contents
77 Earlier Versions of ActivIdentity SecureLogin
77 Earlier Application Definitions
78 Manually Created or Edited Application Definitions

Earlier Versions of ActivIdentity SecureLogin


The Application Definition Wizard is designed for ActivIdentity SecureLogin version 6.2 and later. Application definitions created with the wizard are not directly compatible with earlier versions of ActivIdentity SecureLogin Single Sign-On. If you wish to use an application definition developed with the wizard in an earlier version of ActivIdentity SecureLogin Single Sign-On, you must open the Personal Management Utility, select the application definition, and click Convert to Application Definition. The resultant application definition can be manually edited and exported to the earlier version of ActivIdentity SecureLogin.

Other wizards included in earlier versions of ActivIdentity SecureLogin Single Sign-On are superseded by the Application Definition Wizard and are no longer available.

Earlier Application Definitions


Application definitions created using ActivIdentity SecureLogin Single Sign-On version 6.1 or earlier can be used with this version but cannot be edited using the Application Definition Wizard.

To edit application definitions created by earlier versions of ActivIdentity SecureLogin, you must use manual editing. If you wish to be able to edit a particular application definition using the wizard, the earlier application definition must be removed from the directory before using the Application Definition Wizard to create a new definition for that application.

Manually Created or Edited Application Definitions


Application definitions that are created or edited manually cannot later be edited using the Application Definition Wizard, but application definitions created by the wizard can be exported for manual editing.

Chapter 10: Tips and Hints


Chapter Contents
79 Auto-Detection of Multiple Controls
79 Using Show Me to Highlight Controls
79 Dynamic Controls
79 User Name and Password Fields Not Populating
80 Matching Criteria for Web Applications
80 Citrix Published Applications
80 COM Applications

Auto-Detection of Multiple Controls


When ActivIdentity SecureLogin automatically detects a typical application logon screen with a user name field, a password field and a submit button, the Application Definition Wizard launches and pre-fills all the options with its default selected controls and nominal action. Each definition node is then marked as ticked (green check mark icon) so that the user can immediately accept the definition and run it.

However, if the logon screen is more complex (for instance, offering users a choice to log on to different networks by configuring combo boxes), ActivIdentity SecureLogin pre-fills the different options with its default control selection but requires the user to review each option individually to ensure that no action is forgotten. In that case, each definition node is marked as incomplete, and the user needs to validate each one of them to single sign-on enable the application.

Using the Application Definition Wizard gives users the opportunity to review and, if necessary, edit the selections made by the wizard to ensure that the application definition meets their requirements. Alternatively, you can proceed with the default selections made by the wizard and modify the application definition later if necessary; see "Modifying Application Definitions" on page 68.

Using Show Me to Highlight Controls


If you click Show me to highlight a control while building an application definition, as described in "Selecting and Identifying Screens and Controls" on page 14, and two screens are open containing that control and matching the criteria for that application, ActivIdentity SecureLogin highlights both.

Dynamic Controls
You can use the Window Finder tool to identify whether your application uses dynamic controls. To learn how to use the Window Finder tool, see the ActivIdentity SecureLogin Single Sign-On Application Definition Guide. If your application uses dynamic controls, ActivIdentity recommends you use Navigate to field using keystrokes to select and populate those fields. See "Selecting and Identifying Screens and Controls" on page 14.

User Name and Password Fields Not Populating


If you have defined an application definition but ActivIdentity SecureLogin is not populating the user name and password fields when that application is started:

- Check that the fields are correctly identified. See "Selecting and Identifying Screens and Controls" on page 14.
- Use the Test button to walk through your application definition step by step. See "Testing Application Screens" on page 65.
- Check the matching criteria. See "Matching Criteria" on page 40.
- Use Navigate to field using keystrokes when the matching criteria validate but the user name and password fields are not populating. See "Selecting and Identifying Screens and Controls" on page 14.

Matching Criteria for Web Applications


When you highlight an application screen using Show me, as described in "Selecting and Identifying Screens and Controls" on page 14, ActivIdentity SecureLogin does not use the page text matching rule to uniquely identify the web page. This improves performance when identifying and highlighting controls inside the wizard. Once the application has been fully defined, the page text matching rule is taken into account when the script is run outside the wizard.

Citrix Published Applications


The ActivIdentity SecureLogin Application Definition Wizard cannot detect Citrix published applications. You must run the application on a workstation to create an application definition using the wizard. For information about using ActivIdentity SecureLogin with Citrix and Terminal Services, see the ActivIdentity SecureLogin Single Sign-On Installation and Deployment Guide for Citrix and Terminal Services.

COM Applications
The ActivIdentity SecureLogin Application Definition Wizard cannot differentiate between a prompt from a COM application (where Internet Explorer is the top parent) and a genuine Internet Explorer prompt. To create an application definition for COM applications, you must extend the default Internet Explorer script or create a new one based on the Internet Explorer model.

Chapter 11: Application Definition Example


Chapter Contents
Create a Logon Form
Create a Logon Notification
Create a Change Password Definition
Create a Change Password Notification

This chapter provides an example of the application definition process using the Application Definition Wizard. In this example, ASTrainer.exe is the application for which the definition is to be created.

Create a Logon Form


1. Start ASTrainer.exe.

ActivIdentity SecureLogin detects the logon screen and an automatic prompt is displayed.

2. Click Yes. ActivIdentity SecureLogin detects that it is a simple application form so it automatically fills the required fields:

3. Click OK and close the wizard. You are prompted to enter your credentials.

4. Enter your credentials and click OK. You are automatically logged on to the application.

Create a Logon Notification


1. Start ASTrainer.exe and enter the wrong credentials in order to display the following message.

2. Right-click on the ActivIdentity SecureLogin icon in the Windows notification area and select New Application.

3. Drag the Choose icon to the error message.

4. Click Yes.

5. Click Yes.

6. Click Yes.

7. Use Show me to verify that the correct control is selected by default.

8. Select the Matching criteria bar.

To complete the definition, click Yes.

Alternatively, you can configure this notification to handle the different attempt counter. To do so, click "No. I want to customize rules" in the initial Matching criteria screen, or choose the Customize rules option.

9. In the Rules section, select Text field....

10. Configure the Match Text to take into account the counter.

11. To test the rule, click Test Match.

12. Click OK.

Create a Change Password Definition


1. Log on to the application.

2. Start the application's change password process.

3. Right-click on the ActivIdentity SecureLogin icon in the Windows notification area and select New Application.

4. Drag the Choose icon to the change password dialog.

5. Click Yes.

6. Click Yes.

7. Click Yes.

8. Click No.

9. Click Yes.

10. Use Show me to verify that the correct control is selected by default.

11. Select the Matching criteria bar.

12. Click Yes and then OK.

13. Close and restart the change password dialog to run the newly created application definition for the change password form.

ActivIdentity SecureLogin automatically generates a new password and submits it to the application. As no change password notification form has been created for this application, the following message is displayed.

14. Click Yes to update your password correctly in the directory and stay synchronized with the application.

Create a Change Password Notification


The application itself displayed a notification that can be SSO-enabled. Once it is, the next time you change the application password, ActivIdentity SecureLogin will not prompt you to confirm that the password was changed successfully.

1. Right-click on the ActivIdentity SecureLogin icon in the Windows notification area and select New Application.

2. Drag the Choose icon to the change password notification message.

3. Click Yes.

4. Verify that the "This window is a change password successful notification" option is selected.

5. Click the Submit options bar.

6. Click Yes.

7. Use Show me to verify that the correct control is selected by default.

8. Select the Matching criteria bar.

9. Click Yes.

10. Click OK to complete the definition process.

11. Open the management console and view the summary of the application definition.

Americas: +1 510.574.0100
US Federal: +1 571.522.1000
Europe: +33 (0) 1.42.04.84.00
Asia Pacific: +61 (0) 2.6208.4888
Email: info@actividentity.com
Web: www.actividentity.com

Legal Disclaimer

Trademarks: ActivIdentity, ActivIdentity (logo), and/or other ActivIdentity products or marks referenced herein are either registered trademarks or trademarks of ActivIdentity in the United States and/or other countries. The absence of a mark, product, service name or logo from this list does not constitute a waiver of the ActivIdentity trademark or other intellectual property rights concerning that name or logo. The names of actual companies, trademarks, trade names, service marks, images and/or products mentioned herein may be the trademarks of their respective owners. Any rights not expressly granted herein are reserved.
