Application and Form Definition Wizard Overview

May 09, 2015

All application definitions are initially created using the Application Definition Wizard and the integrated Form Definition Wizard.

The Form Definition Wizard defines the characteristics associated with each user credential management form included in an application definition.

Application Definition Wizard Overview

To start the Application Definition Wizard, select the Application Definitions node in AppCenter and then, from the Action menu, select Create application definition.

The Application Definition Wizard collects information for each type of application (Windows, Web, and terminal emulator-based).

Data Collected                  Windows   Web   Terminal Emulator
Identify application            X         X     X
Manage forms                    X         X     X
Name custom fields              X         X     X
Specify icon                    X
Configure advanced detection    X         X     X
Configure password expiration   X         X     X
Confirm settings                X         X     X

Managing Forms with the Application Definition Wizard

Most applications have separate forms for logon and password changes. Some applications also have separate forms that notify users if they successfully changed their password.

Use the Manage forms page to add forms to the application definition. You can also edit and delete forms on this page.

Selecting Add Form starts the Form Definition Wizard that is used to collect the form data for a single form. Use the Form Definition Wizard for each form in the application definition.

Naming Custom Fields

Single Sign-on includes the user name and password fields as required for any logon form. Some applications require additional information such as a database name, domain name, or system name to authenticate the user.

You can add up to two custom fields with the Form Definition Wizard. If you do so, when you return to the Application Definition Wizard, use the Name custom fields page to name these fields.

To create a hot key for the custom field name, place an ampersand (&) in the field name immediately before the letter you want to specify as the hot key. If no hot key is identified, Single Sign-on Plug-in dynamically appends a numeric value as the hot key for the control. This appears on the button as (1) or (2) depending on the number of custom fields defined.

Specifying an Icon for Windows Applications

By default, Single Sign-on uses different icons to distinguish Windows, Web, and terminal emulator-based applications in the Manage Passwords window (formerly known as Logon Manager). However, you can specify a custom icon for Windows applications on the Specify icon page to help users identify specific applications. If you choose the custom icon option, store the icon file in the same location as the application.

Preventing Credential Loops

Use the options on the Configure advanced detection page to mitigate credential submission loops and credential change loops.

On occasion, users may find themselves on a Web site with a credential submission loop. In these cases, users log off from an application, which returns them to the logon screen. Single Sign-on Plug-in detects the logon screen and submits the users' credentials, automatically logging them back on. Enable Process only the first logon for this application to prevent the automatic submission.

When a predefined application is launched for the first time and this option is selected, Single Sign-on Plug-in submits credentials on the initial instance of the logon form without any additional user action required. When users log off and the logon screen appears again, a window appears and stays visible for approximately 10 seconds. Users have three options:

  • Close the window - no credentials are submitted
  • Ignore the window - no credentials are submitted
  • Click the link - credentials are submitted

Closing the application terminates the session and Single Sign-on submits the credentials the next time the application opens.

To prevent a credential change loop, enable Process only the first password change for this application. With this option selected, if users attempt to change their passwords multiple times while accessing a specified application, they are asked to verify subsequent password changes.

Configure Password Expiration

The Configure password expiration page includes options to:

  • Identify a script to run when the password expires.
  • Use the Single Sign-on expiration warning.

You or someone within your enterprise may develop a script to prompt users to change passwords on any or all of their applications at regular intervals, change passwords on any or all of their applications automatically, or a combination of these processes to meet your security and regulatory requirements. To run such a script when the password associated with this application definition expires (as defined in the password policy), enable the run script option and specify the absolute script path. The script path must be accessible to all users. Do not use a Universal Naming Convention (UNC) path.

Typically, the script invokes an associated application using a command prompt interface with a change password parameter.
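
A pre-deployment check for the script path requirements above, as an added PowerShell example that is not part of the product or its documentation. The function name and sample path are hypothetical, and treating write access by broad groups as a finding is an assumption about what "accessible to all users" should mean.

```powershell
# Added example: findings for a password-expiration script path (empty = OK).
function Test-ExpirationScriptPath {
    param([Parameter(Mandatory)][string]$Path)
    $findings = @()

    # Page requirements: absolute path, never a UNC path.
    if ($Path -match '^(\\\\|//)') {
        return @('UNC path is not allowed')
    }
    if ($Path -notmatch '^[A-Za-z]:[\\/]') {
        return @('Path is not an absolute drive-letter path')
    }

    # A drive letter can still be a mapped share, which is UNC underneath.
    $drive = [System.IO.DriveInfo]::new($Path.Substring(0, 1))
    if ($drive.DriveType -eq [System.IO.DriveType]::Network) {
        $findings += 'Drive letter maps to a network share'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return $findings + 'Script file not found on this machine'
    }

    # Assumption: "accessible to all users" should mean read and execute only.
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        $isAllow = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $canWrite = ([int]$rule.FileSystemRights -band [int]$writeMask) -ne 0
        if ($isAllow -and $canWrite -and ($broadSids -contains $rule.IdentityReference.Value)) {
            $findings += "Writable by $($rule.IdentityReference.Value): $($rule.FileSystemRights)"
        }
    }
    return $findings
}

# Constructed sample path; replace with the path entered in the wizard.
Test-ExpirationScriptPath -Path 'C:\Scripts\ChangeAppPassword.cmd'
```

Run it on a representative workstation, since drive mappings and file permissions are evaluated on the machine where the check runs.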

You can also optionally enable the Use Single Sign-on expiration warning option. Enabling this option causes a Single Sign-on password expiration warning to appear when the password policy associated with the application indicates that the password has expired. This action displays a recurring message that the associated time period has expired but does not force a password change action.

Form Definition Wizard Overview

Use the Form Definition Wizard to:

  • Define a form with the Application Definition Wizard.
  • Edit an existing form.
  • Add a form to an existing application definition.

Use the Form Definition Wizard to define several standard user credential management forms:

  • Logon form

    Identifies the logon interface to an application and manages the actions required to gain access to the associated application.

  • Password change form

    Identifies the password change interface to an application and manages the actions required to change the user password to the associated application.

  • Successful password change form

    Identifies the password change interface to an application and manages the actions required to acknowledge the successful password change for the associated application.

  • Failed password change form

    Identifies the unsuccessful password change interface to an application and defines the actions to take when a credential change operation is unsuccessful.

Password Manager Agent Versions 4.0 and 4.1 do not support successful or failed change credentials forms and do not respond to application definitions containing these forms.

The data collected for each form performs two functions:

  • Uniquely identifies when an application-specific form is started.
  • Performs the appropriate user credential processing actions associated with the form.

The Form Definition Wizard is started from the Manage forms page of the Application Definition Wizard by selecting Add Form.

The following table shows the form information that is collected for each type of application (Windows, Web, and terminal emulator-based) using the Form Definition Wizard.

Data Collected                  Windows   Web   Terminal Emulator
Name form                       X         X     X
Identify form                   X         X     X
Define form actions             X         X
Set field detection rules                       X
Configure other settings        X         X     X
Confirm settings                X         X     X