You set preferences for managing SecureLogin in the Administration Management utility:
Log in to iManager.
Click > > . The list of preferences is displayed.
Make the changes you want, then click .
Use the information in the following tables to assist you in making the changes:
Table 3-1 The General Preferences
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
|
/ / |
This preference controls whether users can access the option from the SecureLogin icon on the notification area (system tray). If the option is set to , the option is shown as disabled in the SecureLogin notification area (system tray) icon. If this option is set to Yes or , the option is displayed and accessible in the SecureLogin notification area (system tray) icon. NOTE: This preference requires SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can refresh the cache using the > option from the SecureLogin icon on the notification area (system tray). If this option is set to , the option is displayed and accessible in the notification area (system tray) icon. If this option is set to or , the option is not displayed in the notification area (system tray) icon. NOTE: This preference requires SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can log out from a session using the option from the SecureLogin icon on the notification area (system tray). If this option is set to , the option is not displayed or accessible in the SecureLogin notification area (system tray) icon. If this option is set to or , the option is displayed and accessible in the SecureLogin notification area (system tray) icon. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can work in offline cache mode using the > option. If this option is set to or , the option is displayed in the notification area (system tray) icon. If this option is set to , the option is not displayed in the notification area (system tray) icon. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can modify application definitions using the tabs in the Applications pane of SecureLogin client. If this option is set to or , the end user can view and modify their application definitions. If this option is set to , the end user cannot change their application definitions. NOTE: If the Allow application definition to be viewed by users is set to No, then this option cannot be edited. Disabling this preference does not prevent users from creating new applications through the wizards. This preference requires SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default option is . |
|
/ / |
This preference controls whether users can view application definitions using the tabs in the Applications pane of SecureLogin client. If this option is set to or , users can view the application definition. If this option is set to , users cannot view the application definition. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can delete their credentials using SecureLogin client available from Manage Logins from the SecureLogin icon in the notification area (system tray). NOTE: If Allow credentials to be modified by users through the GUI is set to , then this option is automatically set to and not editable. This preference requires SecureLogin 6.0 datastore if the value is changed. If this option is set to or , users can delete their credentials through the GUI. If this option is set to , users cannot delete their credentials. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can modify their credentials using SecureLogin client available from Manage Logins from the SecureLogin icon in the notification area (system tray). If this option is set to or , users can modify their credentials through the GUI. If this option is set to , users cannot modify their credentials through the GUI. They can only view the credentials. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can activate or deactivate SecureLogin through the SecureLogin icon in the notification area (system tray). If this option is set to or , users can switch between active and inactive modes of SecureLogin. If this option is set to , users cannot switch between active and inactive modes. This preference requires SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can back up and restore their information from the menu of the SecureLogin icon on the notification area (system tray). If this option is set to or , users can back up and restore their single sign-on information. If this option is set to , users cannot back up and restore their single sign-on configuration. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can change their passphrase question and answer. The option is available from the menu of the SecureLogin icon on the notification area (system tray). If this option is set to or , users can change their passphrase through the notification area (system tray) icon. If this option is set to , users cannot change their passphrase through the notification area (system tray) icon. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can edit the names of their Application login credentials using the tab > function in SecureLogin client. If this option is set to or , the user can edit the names of their credentials (either by right-clicking on the credential and selecting Rename, or by a slow double-click on the credential name). If this option is set to , the user cannot edit the names of the credentials. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
|
This preference controls whether the user can modify the option. If this option is set to or , users can modify the option and change the duration of time a password is visible. If this option is set to , users cannot modify the option. |
The default value is . |
|
/ / |
This preference controls whether users can view and update their preferences. If this option is set to or , users can view and change their preferences. If this option is set to , users cannot view and change their preferences. NOTE: Create a separate OU for administrators to ensure that they are not adversely affected by the general user configuration preferences at the OU level. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can view and modify API options using the Preferences pane of SecureLogin client. The API preference defines the following options for users to:
If this option is set to or users can view and modify the API preference. If this option is set to , users cannot view and modify the API preference. NOTE: This preference affects what is displayed in SecureLogin client using Change Preferences from the Advanced menu. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can view their passwords using Show Passwords in the Application pane > Details of NetIQ SecureLogin client. If this option is set to or , users can view their passwords. If this option is set to , users cannot view their passwords. NOTE: Allowing users to view their passwords gives them an opportunity to view and record passwords if they need to reset the SecureLogin configuration. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
|
This preference defines the time, in minutes, between synchronizations of the user data on the local workstation and the directory. This preference is available in both SecureLogin client and the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is set to minutes. |
|
/ / |
Predefined applications generally include commands to respond to incorrect password dialogs. This preference enables SecureLogin to respond to incorrect passwords for Web applications. If this option is set to or , incorrect passwords for Web applications are detected. If this option is set to , incorrect passwords for Web applications are not detected. This preference is available in both SecureLogin client and the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls users' access to running SecureLogin. If this option is set to , access to SecureLogin is disabled and it does not start, whether it is run automatically at startup or run manually. If this option is set to or , access to SecureLogin is enabled and it starts normally. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls the display of the SecureLogin splash screen during startup. If this option is set to or , the splash screen appears when SecureLogin starts up. If this option is set to , the splash screen is hidden and users cannot see the splash screen when SecureLogin starts up. NOTE: This preference requires SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls the display of the SecureLogin icon in the notification area (system tray). If this option is set to or , the SecureLogin icon appears on the notification area (system tray). If this option is set to , the SecureLogin icon does not appear on the notification area (system tray). NOTE: When the SecureLogin icon is visible, users can double-click the icon on the notification area (system tray) to launch SecureLogin client. When the SecureLogin icon is not visible, users can start SecureLogin client through > > > . This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
|
This preference allows SecureLogin to display the current user name when you mouse over the SecureLogin tray icon. When the user logs in to SecureLogin in the offline mode, the fully qualified distinguished name (FQDN) is displayed when you mouse over the SecureLogin tray icon. In the online mode, the current user’s full name is displayed. |
The default value is . |
|
/ / |
This preference controls the creation and updating of a SecureLogin cache file on the local workstation. The cache file stores all user configuration data, both local and inherited. If this option is set to or , the cache file is saved on the local workstation in the directory that was specified during install. Users with roaming profiles should always have this setting as . Set this option to if you cannot store cache files locally or if this causes conflicts with your organizational security policy. This preference is available in both SecureLogin client and the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls sending the log events to Windows Event Log. This includes the entire user configuration, both local and inherited. If set to or , log events are sent automatically to Windows Event Log. If set to , the log events are not sent to Windows Event Log. Only the following events are logged:
NOTE: This preference requires SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether users can create multiple logins on the same application using the > option from the NetIQ SecureLogin icon on the notification area (system tray). If this option is set to or , the New Login menu option is enabled and users can create multiple logins. If this option is set to , the New Login menu option is disabled and users cannot create multiple logins. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference forces users to set up a passphrase question and answer when SecureLogin is launched by a user for the first time. If this option is set to , users must complete setting up their passphrase before they proceed with any other activity on the workstation. If this option is set to or , users can postpone setting up the passphrase. If the user clicks or closes the dialog, then SecureLogin does not start. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
Specify API license key(s) |
Specify the API license key(s) provided by SecureLogin to activate the API functionality for an application. You can add more than one API license key. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
Specify the API license key |
> |
Integer value in seconds |
Restricts the password display time when you click the button in the local interface. |
The default value is 30. |
|
/ / |
This preference restricts users from accessing the NetIQ SecureLogin icon menu options from the notification area (system tray) without their network login password. If this option is set to , the NetIQ SecureLogin icon on the notification area (system tray) is password protected. If this option is set to or , the NetIQ SecureLogin icon on the notification area (system tray) is not password protected. This preference is available in both SecureLogin client and the administrative management utilities (iManager, SLManager, and MMC snap-ins). NOTE: Always check the option when NMAS is used. |
The default value is . |
|
/ / |
This preference controls the use of the API functionality. If this option is set to , the API access is enabled. If this option is set to or , the API access is disabled. This preference is available in both SecureLogin client and the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls the inheritance of settings from higher level containers or organizational units. If this option is set to Yes, the inheritance of settings from higher level containers or organizational units is disabled. Set the option to during phased upgrades when higher levels might have a different version of SecureLogin implemented. If this option is set to or , the inheritance of settings from higher level containers or organizational units is enabled. This preference does not apply when SecureLogin is installed in an eDirectory environment. The corporate redirection functionality, that is, the inheritance of settings from higher level containers or organizational units, is bypassed in an eDirectory environment. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls access to the application definition wizard. If this option is set to , users have complete access to the application definition wizard and can create their own application definitions. If this option is set to , users are only allowed to create new login credential sets for new applications using the auto-detection settings. If this option is set to , the application definition wizard is not launched. NOTE: This preference requires SecureLogin 6.0 datastore if the value is changed. This preference is available through the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
Table 3-2 The Security Preferences Properties Table
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
|
Specify text to identify your certificate |
This preference allows you to specify text that uniquely identifies a certificate (within a searchable field only). |
Not applicable |
|
No certificate selected |
This preference allows you to select a certificate from the multiple certificates available for a smartcard user. |
Not applicable |
|
/ / |
The passphrase is an additional mechanism for unlocking a user’s single sign-on data if the primary key (network password, smart card, or PIN) used to encrypt the single sign-on data is lost or forgotten. It also prevents unauthorized access to a user’s single sign-on data in the event their primary key is deliberately changed by a third party. In this case, even if the unauthorized person is able to bypass a user’s primary key, he or she must provide the passphrase answer to access the user’s single sign-on data. If this option is set to or , the user is prompted for the correct passphrase answer in situations where the user cannot provide the primary key (network password, smart card, or PIN). If the correct passphrase answer is not provided, SSO data will not be available to the user. If you change the preference from to after the user has set up a passphrase, users must answer the passphrase questions to use SecureLogin. Typically, users are not prompted to create a passphrase after the first login. If this option is set to , the user is not requested to answer a passphrase question. Instead, the passphrase is automatically generated by SecureLogin according to the user’s parameters. This process is then automatically used in the configuration where a passphrase is required. If this option is set to , the passphrase system is not enabled and cannot be used. If the primary key is lost or forgotten, users’ single sign-on data cannot be accessed. You can set this preference to if the preference for is also set to . NOTE: The Enable passphrase security system preference is supported only with the datastore version 6.0. The Disable passphrase security system preference applicable for datastore version 3.5 is removed and is no longer supported. If you are using this preference with datastore version 3.5, you must upgrade the datastore to version 6.0 to use the Enable passphrase security system preference. |
The default value is . |
|
/ |
This preference determines how SecureLogin handles a user forgetting, losing, or damaging his or her smart card. The option can only be used if the option is set to or and Use smart card to encrypt single sign-on data is set to one of the smart card values. If this option is set to or , the passphrase functions as a secondary key. If the smart card is not available, the passphrase is required in online mode to retrieve credentials from the directory. If this option is set to , then the user’s single sign-on data is not accessible if the user’s smart card is not available. NOTE: This preference is not available to users who have not upgraded their datastore to version 6.0. |
The default value is |
|
/ |
This option sets the data encryption mode. This option is not available prior to version 6.0 of SecureLogin. If the preference is set to or , AES encryption is used for encrypting single sign-on data. If the preference is set to , Triple DES is used for encrypting single sign-on data. |
The default value is . |
|
/ / |
This setting is only relevant in a NetIQ environment; it relates to using SecretStore protection. If this option is set to or , then password protection is added. If this option is set to , password protection is not added. This preference is not available to users who have not upgraded their datastore to version 6.0. |
The default value is . |
|
/ / |
Allows PKI credentials or a self-generated key to be created as the encryption source to encrypt the single sign-on data in the directory. If this preference is set to or , all other smart card options are dimmed. If this preference is set to PKI credentials, single sign-on data is encrypted using the user's PKI credentials. Single sign-on data stored in the Directory and in the offline cache (if enabled) is encrypted using the public key from the selected certificate and the private key (stored on a PIN-protected smart card) is used for decryption. If this preference is set to , single sign-on data is encrypted using a randomly generated symmetric key that is stored on the user's smart card. This key is used to encrypt and decrypt single sign-on data stored in the Directory and in the offline cache (if enabled). |
The default preference is . |
|
|
of NDS password in e-Directory Mode is used to encrypt SecureLogin data. allows SecureLogin to use the user's password (NDS or Universal) to encrypt SecureLogin data. |
|
Table 3-3 The Java Preferences Properties Table
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
|
/ / |
This preference controls whether SecureLogin detects Java applications. If the preference is set to or , SecureLogin prompts to create a script when a Java application login page is loaded. If this option is set to No, then SecureLogin does not prompt when a Java application login page is loaded. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls whether SecureLogin allows single sign-on for Java applications. If the preference is set to or , SecureLogin prompts the user to enter credentials (if none already exist), or submits existing credentials on the Java application login page. If this option is set to , Java applications are not enabled for single sign-on. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
Table 3-4 The Web Preferences Properties Table
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
|
/ / |
This preference controls the display of the Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Internet Explorer. If you select or , the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). NOTE: Setting the preference to when displayed to users depends on the settings of the Wizard mode preference. On subsequent runs of the application, the user is not prompted for credentials and single sign-on occurs seamlessly. If you select , SecureLogin skips enabling the application for single sign-on, and the user is never prompted to enable the application. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference controls the display of the Web login detection wizard and confirmation dialog box when a Web application is detected and recognized by Mozilla Firefox. NOTE: Setting the preference to when displayed to users depends on the settings of the Wizard mode preference. If you select or , the user is initially prompted to enable the application and enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and single sign-on occurs seamlessly. If you select , SecureLogin skips enabling the application for single sign-on on this instance. You are prompted to enable the application when you launch it the next time. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference defines single sign-on access to Web applications using Internet Explorer. If you select or the specified credentials are saved and the application is enabled for single sign-on. If you select , SecureLogin does not prompt for credentials (if none exist or are incorrect) and does not submit credentials into the application. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference defines single sign-on access to Web applications using Mozilla Firefox. If you select or the specified credentials are saved and the application is enabled for single sign-on. If you select , SecureLogin does not prompt for credentials (if none exist or are incorrect) and does not submit credentials into the application. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
Table 3-5 The Windows Preferences Properties Table
Preference |
Possible Values |
Description |
Default Value |
---|---|---|---|
|
/ / |
This preference controls the display of a Windows login detection and confirmation message when a Windows application is detected and recognized. If you select or , the user is prompted to enable the application and to enter the credentials for the application (if not done previously). On subsequent runs of the application, the user is not prompted for credentials and single sign-on occurs seamlessly. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |
|
/ / |
This preference defines single sign-on access to Windows applications. If you select or the specified credentials are saved and the application is enabled for single sign-on. If you select No, SecureLogin does not prompt for credentials (if none exist or are incorrect) and does not submit credentials into the application. This preference is available in both SecureLogin client and all the administrative management utilities (iManager, SLManager, and MMC snap-ins). |
The default value is . |