11.2 Understanding the Basic SSO Service

Each connector for Basic SSO works with the NetIQ Basic SSO extension for the Chrome browser, running on the user’s computer. It collects, saves, retrieves, and replays a user’s login credentials and metadata in a format that the site requires on its login page. The user must install the Basic SSO extension to take advantage of the single sign-on capability.

On successful site login, CloudAccess allows the user to specify whether to save the credentials for the website. If the user approves, CloudAccess securely stores the user’s credentials for the website in the internal credential store. It does not save them locally on the user's computer. The user’s credentials are available for single sign-on to the application through CloudAccess from any computer where the Basic SSO extension for the Chrome browser has been installed.

In subsequent CloudAccess sessions, the user can log in with enterprise credentials to CloudAccess and access the destination website without providing the additional credentials. CloudAccess securely retrieves and replays the user’s site login information for an automatic login on behalf of the user. Thus, the user has the experience of single sign-on.

Typically, users have a different login user name and password for their individual accounts on destination websites. CloudAccess can store only one account for each destination website for the user.

CloudAccess stores the user’s current credentials, but users still have the responsibility to maintain the credentials. The user uses the account management interface of the destination website to modify the user name and password as needed.

If the user changes the user name or password for the account, or if the user cancels the account, the user’s stored credentials are no longer valid. The automatic login fails, and CloudAccess removes the user’s old credentials for the website. CloudAccess redirects the user to the website’s login page where the user can log in with new credentials and save them if desired.

If the user wants to remove credentials for a website from the credential store, the user can use the website’s interface to change the password and exit the site. When the user accesses the application again, the login fails, and CloudAccess removes the user’s old credentials for the website from the credential store. CloudAccess redirects the user to the website’s login page where the user can log in with new credentials, and then choose to not save credentials for that website.

If a user uninstalls the Basic SSO extension, it does not affect the user’s credentials stored in the credential store. However, the user cannot take advantage of the single sign-on capability. If the user installs the extension again, the single sign-on capability starts working again.

NOTE: The MobileAccess app does not currently support a single sign-on experience for links to websites configured with connectors for Basic SSO. The link takes the user to the website, but the user must enter the additional credentials.