Using the Client Login Extension Configuration utility, you can configure the Client Login Extension MSI files for installing the Extension. These MSI files are used to install the Client Login Extension on Windows workstations.
The Client Login Extension MSI files are available in a number of different languages. You must configure the Client Login Extension file for each language, including English, before it can be used.
The Client Login Extension Configuration utility is available in the <CD_ROOT>/CLE folder. Here, CD_ROOT refers to the location where the Client Login Extension Installer files are extracted.
To configure the Client Login Extension Configuration Utility:
Double-click the ClientLoginExtensionConfigurationUtility.exe file, which is provided as part of the Client Login Extension installer, to launch the utility.
Read the license agreement and click, if you agree.Then the Client Login Extension Configuration Utility page appears.
NOTE:The License Agreement page appears only on the first launch of the Configuration Utility. When you launch Configuration Utility for the second time, License agreement page does not appear.
: Shows the path of the Client Login Extension installer file that is being configured.
Click the CLE/Installer sub-folder.button and browse to the appropriate location where the Client Login Extension Installer file is present. By default, the button opens the
Whenever this text box contains a path to a valid MSI file, the utility automatically opens the file, populates the other controls with the information it contains, and enables thebutton.
: Modify the information in the Welcome text or keep the information as it is presented.
The information in the text box is displayed on the Welcome screen of the Client Login Extension. The stringdisplays as .
: Specify the URL that the Client Login Extension- restricted browser uses to connect to the Self Service Password Reset Forgotten Password page. You can use either a DNS name or an IP address. An example of a URL using a DNS name that links to the Forgotten Password page is:
https://<server>:<port>/Self Service Password Reset/public/ForgottenPassword
IMPORTANT:You must have a valid URL pointing to the Self Service Password Reset’s Forgotten Password page; otherwise, the client connection might fail and you might not be able to log in through the workstation. For more information, see Using Forgotten Password.
Specify the text to be displayed on the link to the restricted browser that the Client Login Extension uses.
The default text is. The text for this button in Client for Open Enterprise Server cannot be changed here.
(Optional): This option allows you to enable the configurations for Self Service password Reset and Emergency Access.
If you select this option,, , and options are enabled.
NOTE:To enable this feature, you must have already configured Self Service Password Reset, as described in Configuring Self Service Password Reset for the Client Login Extension Integration and Configuring Self Service Password Reset for Enabling Password Expiration Warning.
: Specify the URI that the Client Login Extension- restricted browser uses to connect to the Self Service Password Reset server by using the REST calls. You can use either a DNS name or an IP address. An example of a URI using a DNS name is:
https://<server>:<port>/Self Service Password Reset/public/rest
(Optional): Select this option to enable users to change the password through Self Service Password Reset. If you do not select this option, the user can change the password through the default Windows password change mechanism.
NOTE:Users can change the password by using Self Service Password Reset or Windows password change mechanism before or after logging in to the computer.
: Specify the link that the Client Login Extension- restricted browser uses to connect to the Self Service Password Reset Password Policy page. The default text is .
: Select the option to prompt the users to answer their challenge responses before logging into the computer. However, if you do not select this option, the user can bypass the Force user for challenge responses prompt and proceed to log in. If you do not select this option, they can skip the challenge response prompt and proceed to log in.
NOTE:Ifis enabled for the users who have not yet enrolled in Self Service Password Reset, they will be prompted to answer their challenge questions regardless of the value of this setting.
: This option is enabled only if you select . Specify the message that you want to display when the user is prompted for force enrollment.
: Select the option to enable the users with a temporary access to the desktop when network is not available by providing the challenge responses configured in Self Service Password Reset. You can specify the other details for emergency access after you enable the option such as the following:
: A numerical value that indicates the maximum number of attempts a user is allowed for answering the questions, before getting locked out. After the maximum number of attempts are exhausted, the Emergency Access feature is not accessible. The default number of attempts are 3.
If you have configured a higher number ofquestions for the user, specify a higher number for the retry attempts. This helps in a situation where the user forgets some of the answers to the questions.
: A numerical value that indicates the number of minutes the user is allowed to use the system in the Emergency Access mode. The time allocated for the session should be configured to ensure that the user does not use the system in the emergency access mode for extended durations. The default time allowed is 30 minutes.
When lockout is imminent, a warning is displayed on the system tray. After the session time is exhausted, the user is automatically locked out of the system
: A numerical value that indicates the number of seconds the User gets the warning before session expires. The default time allowed is 30 seconds.
: This message is displayed in system tray for the users who logged into desktop.
: Type a message in the field. If network is unavailable, the text that you mention in this setting is displayed when you click on Forgotten password. This message gets displayed on all the Emergency Access dialog boxes.
: In the option, you can enable the following settings:
: You can specify the text that you want to display on the CLE tile and also specify the path of the image that you want to set as a logo for that tile. If you have enabled this setting, then the forgotten password link will be available only on the CLE tile.
: In an environment where Internet is not directly accessible and the Client Login Extension needs to access it, you need to connect the Client Login Extension to a proxy server. To connect to the proxy server, select the Enable Proxy check-box and provide the IP address and the port number of the proxy server in the Proxy Server text-box. When you do not enable the proxy server, CLE retrieves information directly from Self Service Password Reset server and does not go through the proxy server.
In theoption, you can select the following settings:
When you select this setting, the button gets enabled and you can add the list of sites that are available for whitelist.
NOTE:You can add only the secured web sites to the list. To configure CLE for the Google captcha, you must update the URL Redirection list to with the URL https://www.google.com.
: When you select this setting, all the sites mentioned in the URL redirection list and the site mentioned in are added to the Internet Explorer trusted zones.
: This setting is enabled by default.
After all of the information is in place, clickon the page.
Clickto write the new configuration settings to the selected Client Login Extension file.
Clickto close the confirmation message.
The Client Login Extension Configuration utility remains open, allowing you to configure another Client Login Extension MSI file in a different language. To do so, click the msi file by following Step 5 through Step 17.button to the right of the option, select another language, and configure another .
The localized Client Login Extension MSI files for the more common languages are delivered with the configuration utility in the Installers folder. You must configure each localized installer individually.
To localize the Client Login Extension MSI files for languages other than those delivered with the Client Login Extension, see Localizing Client Login Extension Files for Other Languages.
To close the Client Login Extension Configuration utility window, click.