Planning Your Single Sign-on Plug-in User Configurations

Feb 07, 2011

A user configuration is a unique collection of settings, password policies, and applications that you apply to users associated with an Active Directory hierarchy (organizational unit or an individual user) or Active Directory group (except for distribution groups and Domain Local groups in Active Directory mixed mode, which are not supported). A user configuration enables you to control the behavior and appearance of the plug-in software for users.

User configurations set your user information, application definitions, password policies, and identity verification methods. You must also specify license information (license server and license type) in each user configuration. Therefore, your users cannot use the plug-in software until you establish their user configuration settings.

Before you create your user configurations, ensure that you have already created or defined the following:
  • Your central store
  • Optional service modules
  • Application definitions
  • Password policies
  • Security questions (optional)

User configurations consist of the following:
  • Users associated with an Active Directory domain hierarchy (organizational unit or individual user) or group.
  • Data protection methods.
  • Application definitions you created, which you can combine into an application group when you create a user configuration.
  • Password policies associated with any application groups. (While creating a user configuration, you can create one or more application groups to associate with a user configuration. You can also add an application group to a user configuration after you create the user configuration.)
  • Self-service features (account unlock and password reset) and key management options (use of previous passwords, security questions you create for your users, and automatic key management).
  • Settings for options such as Hot Desktop, credential provisioning, and application support.

Associating user configurations with groups is supported only in Active Directory domains that use Active Directory authentication.

Consider the following when planning your Single Sign-on Plug-in user environment:

  • If you need to apply the same user configuration settings to a different group of users, duplicate the user configuration in the console and modify the settings accordingly.
  • How you organize your Single Sign-on user environment might affect how user configurations operate. You associate user configurations in your Single Sign-on environment with an Active Directory hierarchy (OU or users) or an Active Directory group. If you use both (hierarchy and group) and a user is located in both containers, the user configuration associated with the hierarchy takes precedence and is the one used. An environment that uses both association types is considered a mixed environment.
  • The user configuration information maintained in the central store takes precedence over information stored in the local store (that is, user data stored on a user’s computer). The local store user data is mostly used when the central store is not available or offline.
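
The hierarchy-over-group precedence described above can silently shadow a stricter password policy that was assigned through a group, so it is worth checking before rollout. The following Python sketch is an added example, not part of the product or its console; the configuration names, DNs, and groups are constructed, the DN matching is simplified, and choosing the most specific DN among several hierarchy matches is an assumption the page does not state.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UserConfig:
    name: str
    kind: str    # "hierarchy" (OU or individual user) or "group"
    target: str  # DN for hierarchy associations, group name for group ones

def in_hierarchy(user_dn, target_dn):
    # Simplified DN match: the target is the user itself or a container above it.
    u, t = user_dn.lower(), target_dn.lower()
    return u == t or u.endswith("," + t)

def resolve(user_dn, user_groups, configs):
    """Return (status, effective_config_name, shadowed_config_names)."""
    hier = [c for c in configs if c.kind == "hierarchy" and in_hierarchy(user_dn, c.target)]
    grp = sorted(c.name for c in configs if c.kind == "group" and c.target in user_groups)
    if hier:
        # Assumption: the most specific (longest) matching DN is the one used.
        effective = max(hier, key=lambda c: len(c.target)).name
        # Hierarchy wins; any group configurations are shadowed (mixed environment).
        return ("mixed" if grp else "hierarchy", effective, grp)
    if len(grp) == 1:
        return ("group", grp[0], [])
    if grp:
        # The page does not say which group association wins; flag for review.
        return ("ambiguous-group", None, grp)
    # No configuration means no license information, so the plug-in is unusable.
    return ("unconfigured", None, [])

# Constructed sample data.
CONFIGS = [
    UserConfig("Default-Staff", "hierarchy", "OU=Staff,DC=example,DC=com"),
    UserConfig("Admins-StrictPolicy", "group", "SSO-Admins"),
    UserConfig("Contractors", "group", "SSO-Contractors"),
]
USERS = {
    "CN=alice,OU=Staff,DC=example,DC=com": {"SSO-Admins"},
    "CN=bob,OU=Staff,DC=example,DC=com": set(),
    "CN=carol,OU=External,DC=example,DC=com": {"SSO-Contractors"},
    "CN=dave,OU=External,DC=example,DC=com": set(),
}

def audit(users=USERS, configs=CONFIGS):
    return {dn: resolve(dn, groups, configs) for dn, groups in users.items()}

if __name__ == "__main__":
    for dn, (status, effective, shadowed) in audit().items():
        print(f"{dn}: {status} effective={effective} shadowed={shadowed}")
```

A "mixed" result with a non-empty shadowed list marks a user whose group-assigned configuration never takes effect.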