Single Sign-On

Single Sign-On (SSO) is a feature of DigitalPersona AD that allows IT administrators to simplify user logon to DigitalPersona Security Applications and enterprise applications, including traditional Windows applications, websites and web applications, terminals, and Citrix or similar software thin client solutions, without needing to modify existing processes.

Single Sign-On supports multiple authentication credentials in configurable combinations to provide the utmost flexibility in customizing the feature to your environment.

Configuring Single Sign-On

Configuration of Single Sign-On requires two steps:

  1. Disable the Session Authentication Policy setting for the computers where you want to implement SSO.

  2. Create managed logons for any resources that you want users to be able to access during a Windows session without needing to provide additional authentication. These logons must have their Start Authentication Immediately property set to Yes when they are created by the administrator.

Disabling Session Authentication

In Active Directory, disable Session Authentication for the OU (or domain) where you want to use SSO:

  1. In the Group Policy Management Editor, click Session Authentication Policy at the following location:

    Computer Configuration/Policies/Software Settings/DigitalPersona/Security/Authentication

  2. On the Session Policy tab, select Disabled.

Creating Managed Logons

To implement SSO, the managed logon for each resource that will be part of SSO must have its Start Authentication Immediately setting set to Yes.

When creating a managed logon for a resource (using the Password Manager Admin Tool), on the Logon Screen Properties page of the Logon Screen Wizard, choose Yes for the Start Authentication Immediately setting.

Note: The Start Authentication Immediately setting must be used in conjunction with disabling the Session Authentication Policy in order to create an SSO experience. If the Session Authentication Policy is not disabled, authentication will start immediately, but the user will still be prompted for additional authentication.

For further information, see Creating Managed Logons.