2.6 Deleting or Re-setting User Data

If a user forgets the network password and passphrase answer, or if the login credential data is corrupted, you must delete all SecureLogin data.

As an administrator, you must do this because the user does not have access to the administrative management utilities.

Before you delete a user’s datastore object, consider the following important aspects:

User Data Re-set Option

Action

Select the required directory object only

The Delete single sign-on configuration for this datastore object option is available at the container, group policy, ou, and user object level.

Record (external to SecureLogin) all usernames, passwords, and additional required credential information

For example, if you delete a single sign-on-enabled application at the ou level, you might also be deleting the credentials for all users that reside in that container.

Delete the local cache on the workstation

The object or user continues to inherit configuration from higher-level objects in the directory even though you deleted the user data in the directory cache.

This means that you should delete the local cache on the workstation first. This ensures that it does not synchronize with the directory cache and re-create the configuration in the directory.

To reset the user data:

  1. Launch the Administrative Management utility (iManager, SLManager, or MMC snap-ins).

  2. If you are using iManager, browse to SecureLogin SSO > Manage SecureLogin SSO > Advanced Settings. The Advanced Settings page is displayed.

  3. Click Delete in the Datastore section. A warning message appears.

  4. Click Yes. The Datastore object is deleted.

    If you did not delete the local SecureLogin cache before you deleted the Datastore object data, you get an error message.

    NOTE: When SecureLogin is installed in the SecretStore environment, the data will not be deleted from the SecretStore datastore.

    In a SecretStore environment, use the SecretStore iManager plugin to clear the credentials instead of the SecureLogin plugin.

  5. Click Yes.

    When you do this, you delete the complete data of the user, including:

    • Credentials, including usernames and passwords

    • Application definitions

    • Predefined applications

    • Password policies

    • Preferences

    • Passphrase questions and answers

    WARNING: The deleted data cannot be retrieved.

    The next time the user logs in, the user is asked to set up a new passphrase question and response and re-enter the credentials for each application enabled for single sign-on.

    Novell SecureLogin supports setting a cache expiry by using the following registry entry on the client:

    HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin

    DWORD Value CacheExpiryDays

    The value data is the number of days. Do not provide zero (0) because the cache would expire immediately on refresh. The cache expiry period is updated at each cache or directory synchronization, or each time Novell SecureLogin loads in an online mode.

    NOTE: No warning is provided at cache expiry. If a cache is expired, the users cannot access Novell SecureLogin in an offline mode until they log in and create the cache again in an online session.
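
One way to apply the cache expiry setting described above on a client, as an added example that is not part of the original guide or Novell's tooling. The function name, the 3650-day upper bound, and the choice to refuse creating a missing key are assumptions; the key path and value name are the ones given in the text.

```powershell
# Added example: set and verify the SecureLogin offline-cache expiry on a client.
# Key path and value name come from the text above; the function name is hypothetical.
function Set-SecureLoginCacheExpiry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Zero is rejected: the text states the cache would expire immediately on refresh.
        [Parameter(Mandatory)]
        [ValidateRange(1, 3650)]   # upper bound is an assumption, a sanity limit only
        [int]$Days,

        [string]$KeyPath = 'HKLM:\SOFTWARE\Protocom\SecureLogin'
    )

    # Do not create the key: its absence suggests SecureLogin is not installed here.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Registry key '$KeyPath' not found; SecureLogin does not appear to be installed."
    }

    $name = 'CacheExpiryDays'
    # Returns $null when the value has never been set.
    $current = (Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue).$name

    if ($current -eq $Days) {
        Write-Verbose "$name is already $Days"
    }
    elseif ($PSCmdlet.ShouldProcess("$KeyPath\$name", "Set DWORD to $Days (was: $current)")) {
        # -Force creates the value or overwrites an existing one, always as a DWORD.
        New-ItemProperty -LiteralPath $KeyPath -Name $name -PropertyType DWord -Value $Days -Force | Out-Null
    }

    # Read the value back so the caller can log what is actually in the registry.
    # Under -WhatIf nothing is written, so Current reports the unchanged value.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Key      = $KeyPath
        Previous = $current
        Current  = (Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue).$name
    }
}

# Example call (run elevated, since the value lives under HKEY_LOCAL_MACHINE):
# Set-SecureLoginCacheExpiry -Days 30 -Verbose
```

Because no warning is shown when the cache expires, record the returned Previous and Current values so that a later loss of offline access can be traced back to this setting.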