How can I create an app that supports SSO and Password Management?

How can I create an app that supports SSO and Password Management?

If you have IdentityNow's SSO and Password Management services, you can configure an app that will replay a user's source password and allow users to update their source password from the app launcher. The configurations you choose for these apps includes the following options:

  • Your passthrough authentication source shares a password with one or more other apps in your network.
  • You don't have passthrough authentication but you have another source system that shares a password with one or more other apps in your network.

See the following sections for more information:

Managing Your Passthrough Authentication Source's Password on an SSO App

This section describes how to let users manage their passthrough authentication password from an SSO app. In summary, you can configure the app to use Directory Password SSO and select the passthrough authentication source as the source of the directory password.

With this configuration, a user will be able to:

  • Launch the app and replay the password set on the source
  • Update the password on the app and have that change occur on the source

NOTES:

  • For more information about passthrough authentication, see How do I configure IdentityNow to use passthrough authentication?​.
  • By default, this setting uses the sAMAccountName for the User Name field of apps associated with it. If you need to configure a custom app to use a different attribute, click here.
  • If this option does not appear in the Configuration panel for the app, it may have been hidden within the app's XML. Click here for more information.

Prerequisites:

  • At least one source configured for your deployment with the Used For settings Authentication and Password Management
  • The app you're working with must have already been configured in its associated administrative interface to use the authentication source you select in step 9 below.

Complete the following steps:

1. In the Admin interface, go to Applications.

2. Click the application you want to configure.

3. In Configuration Settings, under App Accounts Created By, select Admin (IT).

dir password.png

4. Under Account Source, select either Specific Users from Source or All Users From Source.

NOTE: Specific Users from Source and All Users From Source require additional configuration and have effects on users' access to the app.

5. In Select Source, choose the source of the app users' accounts.

dir password1.png

6. Under Access Management Type, select the Launch App check box.

7. Select the Directory Password radio button.

8. Click Save.

9. Click the Edit icon next to Needs Additional Configuration.

The SSO Settings page is displayed.

directory password access management.png

10. Under Authentication Source, select a source that matches the authentication source set on identity profiles.

NOTES:

  • To enable a user to manage their source's password from the app tile, the source you select must have both Authentication and Password Management enabled.
  • The accounts in this source must match the accounts on the source selected under Account Source specified in the app's Configuration tab. Otherwise the app does not appear on the users' Launchpads.

11. Click Save.

12. Complete any additional configuration as described in How do I configure an app in IdentityNow?

The user's IdentityNow account and all apps that use the source from step 10 will appear under a single listing in the Passwords panel.

In addition, all apps that share this authentication source get updated with the source credentials when the user completes the following steps:

1. Launch the app

2. Provide correct credentials

3. Refresh the Launchpad

dir password 3.png

NOTE: If your system has a Password Sync Group, a user's changes to their password can also affect apps connected to other sources. See How do I create a password sync group?​ for more information.

Managing Other Sources' Passwords on an SSO App

This section describes how to let users manage passwords on SSO apps using a source other than their passthrough authentication source. In summary, you can configure the app to use App Password SSO and select an account source that is configured for Password Management. With this configuration, a user will be able to:

  • Launch the app and replay the password set on the source
  • Update the password on the app and have that change occur on the source

Prerequisites:

  • At least one source configured for your deployment with the Used For settings Authentication and Password Management
  • The app you're working with must have already been configured in its associated administrative interface to use the account source you select in step 9 below.

Complete the following steps:

1. In the Admin interface, go to Applications.

2. Click the application you want to edit.

3. In the Configuration tab, under App Accounts Created By, select Admin (IT).

The Account Source panel is displayed.

dir password.png

4. Under Account Source, select either Specific Users from Source or All Users From Source.

NOTE: Specific Users From Source and All Users From Source require additional configuration and have effects on users' access to the app.

5. In Select Source, choose the source of the app users' accounts.

NOTE: To enable a user to manage their source's password from the app tile, the source you select must have Password Management enabled.

dir password1.png

6. Under Access Management Type, select Launch App.

7. Select the App Password radio button.

8. Click Save.

All apps that use the source from step 5 will appear under a single listing in the Passwords panel.

In addition, all apps that share this account source get updated with the source credentials when the user completes the following steps:

1. Launch the app

2. Provide correct credentials

3. Refresh the Launchpad
app password access management.png

NOTE: If your system has a Password Sync Group, a user's changes to their password can also affect apps connected to other sources. See How do I create a password sync group?​ for more information.

Labels (2)
Version history
Revision #:
1 of 1
Last update:
‎Sep 06, 2017 11:56 AM
Updated by: