NetIQ Documentation: Novell SecureLogin Overview Guide

2.7 The Preferences Properties Table

The Preferences properties table provides tools to configure the parameters of the user’s Novell SecureLogin environment, including applications permitted to be enabled for single sign-on and access to Novell SecureLogin management and administration tools.

The following table provides the options for Novell SecureLogin Client Utility, the SecureLogin Manager, and iManager. If the option is available only in one of the management utilities, this is mentioned in the Description column in the following Preferences tables.

2.7.1 Configuring Preferences Introduced In Novell SecureLogin Version 6

Prior to configuring preferences, administrators should refer to the Novell SecureLogin Administration Guide for important information regarding Novell SecureLogin functionality using different datastore versions, particularly in mixed or staged deployments.

Novell SecureLogin version 6 introduced a range of new security features and preferences, including the storage of single sign-on credentials on the user’s smart card, encryption of the data store using Public Key Infrastructure (PKI)-based credentials and support for the Advanced Encryption Standard (AES) encryption algorithm. These new preferences required changes to Novell SecureLogin 6.0 datastore format to support them.

Viewing and modifying application definitions

Novell SecureLogin 6.0 and earlier had a single preference titled Allow users to view and modify application definitions that is superseded by two separate preferences for viewing and modifying application definitions.When upgrading from earlier versions of Novell SecureLogin to version 6.1 or later using legacy directory data, old Allow users to view and modify application definitions was set to No, then the new Allow application definition to be modified by users preferences for the current version will be disabled (grayed out).

You must reset Allow application definition to be viewed by users to Yes before users can modify application definitions.

The Preferences are displayed on the right pane when Preferences is clicked in the Management utility.

Click the plus (+) symbol next to the names of the preferences to expand the preference options.

Figure 2-5 The Preferences

In previous versions of Novell SecureLogin, the application definition preference was a single preference called Allow users to view and modify application definitions. This is now split into two preferences:

- Allow application definition to be modified by users
- Allow application definition to be viewed by users

When you upgrade from a previous version of Novell SecureLogin to Novell SecureLogin 7.0, if you are using the legacy directory data (that is, data from Novell SecureLogin 6.0 or 3.5) and if the Allow users to view and modify application definition to be modified by users option was set to No, then the new Allow application definition to be modified by users for Novell SecureLogin 7.0 is disabled and dimmed.

Administrators must reset the Allow application definition to be viewed by users option to Yes before users can modify the application definitions.

The Preferences has the following categories:

User or the administrators can change the value of the Preferences in the Administrative Management utility or Novell SecureLogin Client Utility unless otherwise specified.

The administrators can restrict the user’s access to this table through the centrally controlled administrative preferences.

NOTE:The Security option is not available in Novell SecureLogin Client Utility.

Table 2-8 The General Preferences Properties Table

Preference	Possible Values	Description	Default Value
Allow "Close" option via system tray	Yes/No/Default	This preference controls whether users can access the Close option from Novell SecureLogin icon on the notification area (system tray). If the option is set to No, the Close option is shown as disabled in the Novell SecureLogin notification area (system tray) icon. If this option is set to Yes or Default, the Close option is displayed and accessible in the Novell SecureLogin notification area (system tray) icon. NOTE:This preference requires Novell SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow "Refresh Cache" option via system tray	Yes/No/Default	This preference controls whether users can refresh cache using the Advanced > Refresh Cache option from the Novell SecureLogin icon on the notification area (system tray). If this option is set to Yes, the Refresh Cache option is displayed and accessible in the notification area (system tray) icon. If this option is set to No or Default, the Refresh Cache option is not displayed in the notification area (system tray) icon. NOTE:This preference requires Novell SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is No.
Allow "Log Off" option via system tray	Yes/No/Default	This preference controls if users can log out from a session using Log Off User option from the Novell SecureLogin icon on the notification area (system tray). If this option is set to No, the Log Off User option is not displayed and accessible in the Novell SecureLogin notification area (system tray) icon. If this option is set to Yes or Default, the Log Off User option is displayed and accessible in the Novell SecureLogin notification area (system tray) icon. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow "Work Offline" option via system tray	Yes/No/Default	This preference controls whether users can work in offline cache mode using the Advanced > Work Offline option. If this option is set to Yes or Default, the Work Offline option is displayed in the notification area (system tray) icon. If this option is set to No, the Work Offline option is not displayed in the notification area (system tray) icon. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow application definition to be modified by users	Yes/No/Default	This preference controls whether users can modify application definitions using the Definitions tabs in the Applications pane of the Novell SecureLogin Client Utility. If this option is set to Yes or Default, the end user can view and modify their application definitions. If this option is set to No, the end user cannot change their application definitions. NOTE:If the Allow application definition to be viewed by users is set to No, then this option is cannot be edited. Disabling this preference does not disable the users from creating new applications through the wizards. This preference requires Novell SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default option is Yes.
Allow application definition to be viewed by users	Yes/No/Default	This preference controls whether users can view application definitions using the Definitions tabs in the Applications pane of the Novell SecureLogin Client Utility. If this option is set to Yes or Default, users can view the application definition. If this option is set to No, users cannot view the application definition. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow credentials to be deleted by users through the GUI	Yes/No/Default	This preference controls whether users can delete their credentials using the Novell SecureLogin Client Utility available from Manage Logins from the Novell SecureLogin icon in the notification area (system tray). NOTE:If Allow credentials to be modified by users through the GUI is set to No, then this option is automatically set to No and not editable. This preference requires Novell SecureLogin 6.0 datastore if the value is changed. If this option is set to Yes or Default, users can delete their credentials through the GUI. If this option is set to No, users cannot delete their credentials. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow credentials to be modified by users through the GUI	Yes/No/Default	This preference controls whether users can modify their credentials using the Novell SecureLogin Client Utility available from Manage Logins from the Novell SecureLogin icon in the notification area (system tray). If this option is set to Yes or Default, users can modify their credentials through the GUI. If this option is set to No, users cannot modify their credentials through the GUI. They can only view the credentials. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow users to (de) activate SSO via system tray	Yes/No/Default	This preference controls whether users can activate or deactivate SecureLogin through the SecureLogin icon in the notification area (system tray). If this option is set to Yes or Default, users can switch between active and inactive modes of Novell SecureLogin. If this option is set to No, users cannot switch between active and inactive modes. If SecureLogin status was active when this preference was applied, it remains as active and the user cannot de-activate SecureLogin. If SecureLogin status was inactive when this preference was applied, it remains as inactive and the user cannot change SecureLogin status to Active. This preference requires Novell SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow users to backup/restore	Yes/No/Default	This preference controls whether users can backup and restore their information from the Advanced menu of the SecureLogin icon on the notification area (system tray). If this option is set to Yes or Default, users can back up and restore their single sign-on information. If this option is set to No, users cannot back up and restore their single sign-on configuration. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow users to change passphrase	Yes/No/Default	This preference controls whether users can change their passphrase question and answer. The Change Passphrase option is available from the Advanced menu of the Novell SecureLogin icon on the notification area (system tray). If this option is set to Yes or Default, users can change their passphrase through the notification area (system tray) icon. If this option is set to No, users cannot change their passphrase through the notification area (system tray) icon. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow users to modify names of Applications and Logins	Yes/No/Default	This preference controls whether users can edit the names of their Application login credentials using the Details tab > Edit function in the Novell SecureLogin Client Utility. If this option is set to Yes or Default, the user can edit the names of their credentials (either by right-clicking on the credential and selecting Rename, or by a slow double-click on the credential name). If this option is set to No, the use cannot edit the names of the credentials. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is No.
Allow users to view and change Preferences	Yes/No/Default	This preference controls whether users can view and update their preferences. If this option is set to Yes or Default, users can view and change their preferences. If this option is set to No, users cannot view and change their preferences. NOTE:Create a separate ou for administrators to ensure that they are not adversely affected by the general user configuration preferences at the ou level. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow users to view and modify API preferences	Yes/No/Default	This preference controls whether users can view and modify API options using the Preferences pane of the Novell SecureLogin Client Utility. The API preference defines the following options for users to: Enter an API license key(s). Provide API access. If this option is set to Yes or Default users can view and modify the API preference. If this option is set to No, users cannot view and modify the API preference. NOTE:This preference affects what is displayed in the Novell SecureLogin Client Utility using Change Preferences from the Advanced menu. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow users to view passwords	Yes/Yes, per application/No/Default	This preference controls whether users can view their passwords using Show Passwords in the Application pane > Details of the Novell SecureLogin Client Utility. If this option is set to Yes or Default, users can view their passwords. If this option is set to No, users cannot view their passwords. NOTE:Allowing users to view their passwords gives them an opportunity to view and record passwords if they need to reset the Novell SecureLogin configuration. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Change the cache refresh interval (in minutes)	5	This preference defines the time in minutes the synchronization of user data and directory on the local workstation. This preference is available in both the Novell SecureLogin Client Utility and the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is set to 5 minutes.
Detect incorrect passwords	Yes/No/Default	Predefined applications generally include commands to respond to incorrect password dialogs. This preference enables SecureLogin to respond to incorrect passwords for web applications. If this option is set to Yes or Default, incorrect passwords for Web applications are detected. If this option is set to No, incorrect passwords for Web applications are not detected. This preference is available in both the Novell SecureLogin Client Utility and the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Disable single sign-on	Yes/No/Default	This preference controls the users access to running Novell SecureLogin. If this option is set to Yes, access to Novell SecureLogin is disabled and it will not start when run either automatically at startup or when run manually. If this option is set to No or Default, access to Novell SecureLogin is enabled and will start normally. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is No.
Display splash screen on startup	Yes/No/Default	This preference controls the display of the Novell SecureLogin splash screen during startup. If this option is set to Yes or Default, the splash screen appears when Novell SecureLogin startsup. If this option is set to No, the splash screen is hidden and users cannot see the splash screen when Novell SecureLogin startsup. NOTE:This preference requires Novell SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Display the system tray icon	Yes/No/Default	This preference controls the display of Novell SecureLogin icon in the notification area (system tray). If this option is set to Yes or Default, the Novell SecureLogin icon appears on the notification area (system tray). If this option is set to No, the Novell SecureLogin icon does not appear on the notification area (system tray). NOTE:When the Novell SecureLogin icon is visible, users can double-click the icon on the notification area (system tray) to launch the Novell SecureLogin Client Utility. When the Novell SecureLogin is not visible, users can start the Novell SecureLogin Client Utility through Start > Programs > Novell SecureLogin > Novell SecureLogin This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Enable cache file	Yes/No/Default	This preference controls creating and updating of a SecureLogin cache file on the local workstation. The cache file stores all user configuration data; local and inherited. Set this option to Yes or Default, the cache file is saved on the local workstation in the directory that was specified during install. Users with roaming profiles should always have this setting as Yes. Set this option to No if you cannot store cache files locally or if this causes conflicts with your organizational security policy. This preference is available in both the Novell SecureLogin Client Utility and the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Enable logging to Windows Event log	Yes/No/Default	This preference controls sending the log events to Windows Event Log. This includes the entire user configuration, both local and inherited. If set to Yes or Default, log events are sent automatically to Windows Event Log. If set to No, the log events are not sent to Windows Event Log. Only the following events are logged: SSO client started SSO client exited SSO client activated by user SSO client deactivated by user Password provided to an application by a script Password changed by the user in response to a change password command Password changed automatically in response to a change password command. NOTE:This preference requires Novell SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Enable the New Login Wizard on the system tray icon	Yes/No/Default	This preference controls whether users can create multiple logins on the same application using the New Login > Add New Login option from the Novell SecureLogin icon on the notification area (system tray). If this option is set to Yes or Default, the New Login menu option is enabled and users can create multiple logins. If this option is set to No, New Login menu option is disabled and users cannot create multiple logins. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Enforce passphrase use	Yes/No/Default	This preference forces users to set up a passphrase question and answer when Novell SecureLogin is launched by a user for the first time. If this option is set to Yes, users must complete setting up their passphrase before they proceed with any other activity on the workstation. If this option is set to No or Default, users can postpone setting up the passphrase. If the users clicks Cancel or closes the dialog, then SecureLogin does not start. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is No.
Enter API license key(s)	Specify API license key(s)	Specify the API license key(s) provided by Novell SecureLogin to activate the API functionality for an application. You can add more than one API license key. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	Specify the API license key
Password protect the system tray icon	Yes/No/Default	This preference restricts the users from accessing the Novell SecureLogin icon menu option (from the notification area (system tray) without their network login password. If this option is set to Yes, the Novell SecureLogin icon on the notification area (system tray) is password protected. If this option is set to No or Default, the Novell SecureLogin icon on the notification area (system tray) is not password protected. This preference is available in both the Novell SecureLogin Client Utility and the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is No.
Provide API Access	Yes/No/Default	This preference controls the API functionality use. If this option is set to Yes, the API access is enabled. If this option is set to No or Default, the API access is disabled. This preference is available in both the Novell SecureLogin Client Utility and the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is No.
Stop walking here	Yes/No/Default	This preference controls the inheritance of settings from higher level containers or organizational units. If this option is set to Yes, the inheritance of settings from higher level containers or organizational units is disabled. Set the option to Yes during phased upgrades when higher levels might have a different version of Novell SecureLogin implemented. If this option is set to No or Default, the inheritance of settings from higher level containers or organizational units is enabled. This preference does not apply when Novell SecureLogin is installed in eDirectory environment. The Corporate redirection functionality; that is, the inheritance settings from higher level container or organizational units is bypassed in an eDirectory environment. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is No.
Wizard mode	Administrator/User/Disabled	This preference controls that access to the application definition wizard. If this option is set to Administrator, it gives users’ complete access to the application definition wizard. Users can create their own application definitions. If this option is set to User, users are only allowed to create new login credential sets for new applications using the auto-detection settings. If this option is set to Disabled, the application definition wizard is not launched. NOTE:This preference requires Novell SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Administrator.

Table 2-9 The Security Preferences Properties Table

Preference	Possible Values	Description	Default Value
Certificate selection criteria	Specify text to identify your certificate	This preference allows you to specify a text to uniquely identify a certificate (within searchable field only).	Not applicable
Current certificate	No certificate selected	This preference allows you to select a certificate other than the default certificate.	Not applicable
Enable passphrase security system	Yes/No/Hidden	This passphrase is an additional mechanism for unlocking a user’s single sign-on data if the primary key (network password, smartcard, or PIN) used to encrypt the single sign-on data is lost or forgotten. It also prevents unauthorized access to a user’s single sign-on data in the event their primary key is deliberately changed by a third party. In this case even if the unauthorized person is able to bypass a user’s primary key, he or she must answer the passphrase answer to access the user’s single sign-on data. If this option is set to Yes or Default, the correct passphrase answer is prompted in situations where the user cannot provide the primary key (network password, smart card, or PIN). If the correct passphrase answer is not provided, SSO data will not be available to the user. If you change the preference from Hidden to Yes after the user has set up a passphrase, users must answer the passphrase questions to use Novell SecureLogin. Typically, users not prompted to create a passphrase after the first login. If this option is set to Hidden, the user is not requested to answer a passphrase question. It is automatically generated by SecureLogin according to the user’s parameters. This process is then automatically used in the configuration where a passphrase is required. If this option is set to No, the passphrase system is not enabled and cannot be used. If the primary key is lost or forgotten, users’ single sign-on data cannot be accessed. You can set this preference to No if the preference for Use smart card to encrypt SSO data is also set to PKI Credentials. NOTE:The Enable passphrase security system preference is supported only with the datastore version 6.0. The Disable passphrase security system preference applicable for datastore version 3.5 is removed and is no longer supported. If you are using this preference with datastore version 3.5, you must upgrade the datastore version 6.0 to use the Enable passphrase security system preference.
Lost card scenario	Allow passphrase/Require smart card	This preference determines how Novell SecureLogin handles a user forgetting, losing or damaging his or her smart card. The Lost card option can only be used if the Enable passphrase security system option is set to Yes or Hidden and Use smart card to encrypt single sign-on data is set to one of the smart card values. If this option is set to Allow passphrase or Default, the passphrase functions as a secondary key. If the smart card is not available, the passphrase is required in online mode to retrieve credentials from the directory. If this option is set to Require smart card, then the users single sign-on data is not accessible if the users’ smartcard is not available.. NOTE:This preference is not available to users who have not upgraded their datastore to version 6.0.	The default value is Allow passphrase.
Require Smart Card is present for SSO and administration operations	Yes/No/Default	NOTE:To enable changes to this preference: The Use smart card to encrypt SSO data preference must be set to either PKI Credentials or Key generated on smart card. The Lost card scenario preference must be set to Require Smart card. This preference requires that a smart card must be accessible by SecureLogin each time a single sign-on operation is performed by an end user operation or administration operation. If this preference is set, SecureLogin cannot start without the smart card. As soon as the smart card is removed, SecureLogin is locked. By default, this preference is not set. If this option is set to Yes, Novell SecureLogin operations does not function without the smart card present. If the smart card is removed, Novell SecureLogin prompts to re-insert the card. If this option is set to No or Default, Novell SecureLogin can start without the smart card. NOTE: If the Lost card scenario is set to Allow passphrase, the Require smart Card is present for SSO and administration operations preference is set to No and is not editable. This preference is not available to users who have not upgraded their datastore to version 6.0.	The default value is No.
Store credentials on smart card	No	With this release of Novell SecureLogin, this option is set to No and changes to this preference are disabled. You cannot change this preference to store SecureLogin credentials on smart card.	No
Use AES for SSO data encryption	Yes/No	This option is defined to change the data encryption mode. This option is not available prior to version 6.0 of Novell SecureLogin. If the preference is set to Yes or Default, AES encryption is used for encrypting single sign-on data. If the preference is set to No, Triple DES is used for encrypting single sign-on data.	The default value is Yes.
Use enhanced protection by default	Yes/No/Default	This setting is only relevant in a Novell environment; it relates to using SecretStore protection. If this option is set to Yes or Default, then a password protection is added. If this option is set to No, a password protection is not added. This preference is not available to users who have not upgraded their datastore to version 6.0.	The default value is Yes.
Use smart card to encrypt SSO data	No/PKI credentials/Key generated on smart card	Allows PKI credentials or a self-generated key to be created as the encryption source to encrypt the single sign-on data in the directory. If this preference is set to No or Default, all other smart card options are dimmed. If this preference is set to PKI credentials, single sign-on data is encrypted using the user's PKI credentials. Single sign-on data stored in the Directory and in the offline cache (if enabled) is encrypted using the public key from the selected certificate and the private key (stored on a PIN-protected smart card) is used for decryption. If this preference is set to Key generated on smart card, single sign-on data is encrypted using a randomly generated symmetric key that is stored on the user's smart card. This key is used to encrypt and decrypt single sign-on data stored in the Directory and in the offline cache (if enabled).	The default preference is No.

Table 2-10 The Java Preferences Properties Table

Preference	Possible Values	Description	Default Value
Add application prompts for Java applications	Yes/No/Default	This preference controls whether Novell SecureLogin detects Java application. If the preference is set to Yes or Default, Novell SecureLogin prompts to create a script when a Java application login page is loaded. Novell SecureLogin will not prompt when Java application login page is loaded. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow single sign-on to Java applications	Yes/No/Default	This preference controls whether Novell SecureLogin allows single sign-on for Java applications. If the preference is set to Yes or Default, Novell SecureLogin prompts the user to enter credentials (if none already exist), or submits existing credentials on the Java application login page. If this option is set to No, Java applications are not enabled for single sign-on. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.

Preference

Possible Values

Description

Default Value

Add application prompts for Java applications

Yes/No/Default

This preference controls whether Novell SecureLogin detects Java application.

If the preference is set to Yes or Default, Novell SecureLogin prompts to create a script when a Java application login page is loaded.

Novell SecureLogin will not prompt when Java application login page is loaded.

This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).

The default value is Yes.

Allow single sign-on to Java applications

Yes/No/Default

This preference controls whether Novell SecureLogin allows single sign-on for Java applications.

If the preference is set to Yes or Default, Novell SecureLogin prompts the user to enter credentials (if none already exist), or submits existing credentials on the Java application login page.

If this option is set to No, Java applications are not enabled for single sign-on.

This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).

The default value is Yes.

Table 2-11 The Web Preferences Properties Table

Preference	Possible Values	Description	Default Value
Add application prompts for Internet Explorer	Yes/No/Default	This preference controls the display of the Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Internet Explorer. If you select Yes or Default, the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). NOTE:Setting the perference to Yes when displayed to users depends on the settings of the Wizard mode preference. On subsequent runs of the application, the user is not prompted for credentials and single sign-on occurs seamlessly. If you select No, Novell SecureLogin skips enabling the application for single sign-on, the user is never be prompted to enable the application. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Add application prompts for Mozilla Firefox	Yes/No/Default	This preference controls the display of Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Mozilla Firefox. NOTE:Setting the perference to Yes when displayed to users depends on the settings of the Wizard mode preference. If you select Yes or Default, the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and single sign-on occurs seamlessly. If you select No, Novell SecureLogin skips enabling the application for single sign-on on this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow single sign-on to Internet Explorer	Yes/No/Default	This preference defines single sign-on access to Web application using Internet Explorer. If you select Yes or Default the specified credentials are saved and the application is enabled for single sign-on. If you select No, Novell SecureLogin does not prompt for credentials (if none exist or are incorrect) and does not submit credentials into the application. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow single sign-on Mozilla Firefox	Yes/No/Default	This preference defines single sign-on access to Web application using Mozilla Firefox. If you select Yes or Default the specified credentials are saved and the application is enabled for single sign-on. If you select No, Novell SecureLogin does not prompt for credentials (if none exists or are incorrect) and does not submit credentials into the application. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.

Table 2-12 The Windows Preferences Properties Table

Preference	Possible Values	Description	Default Value
Add application prompts for Windows applications	Yes/No/Default	This preference controls the display of a Windows login detection and confirmation message when a Windows application is detected and recognized. If you select Yes or Default, the user prompted to enable the application and to enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and single sign-on occurs seamlessly. If you select No, Novell SecureLogin skips enabling the application for single sign-on on this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.
Allow single sign-on to Windows applications	Yes/No/Default	This preference defines single sign-on access to Windows applications. If you select Yes or Default the specified credentials are saved and the application is enabled for single sign-on. If you select No, Novell SecureLogin will not prompt for credentials (if none exist or are incorrect) and will not submit credentials into the application. This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).	The default value is Yes.

Preference

Possible Values

Description

Default Value

Add application prompts for Windows applications

Yes/No/Default

This preference controls the display of a Windows login detection and confirmation message when a Windows application is detected and recognized.

If you select Yes or Default, the user prompted to enable the application and to enter the credentials for the application (if not done previously).

On subsequent runs of the application, the user is not prompted for credentials and single sign-on occurs seamlessly.

If you select No, Novell SecureLogin skips enabling the application for single sign-on on this instance. You are prompted to enable the application when you launch it the next time.

This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).

The default value is Yes.

Allow single sign-on to Windows applications

Yes/No/Default

This preference defines single sign-on access to Windows applications.

If you select Yes or Default the specified credentials are saved and the application is enabled for single sign-on.

If you select No, Novell SecureLogin will not prompt for credentials (if none exist or are incorrect) and will not submit credentials into the application.

This preference is available in both the Novell SecureLogin Client Utility and all the administrative management utilities (iManager, SLManager, and MMC snap-ins).

The default value is Yes.