How to handle password changes when the application is logging on so quickly via SSO, that the user is unable to click the "Change Password" button on the logon box.

Customer SSO enabled an application. They handled logon, invalid username, invalid password, password expiry, user invoked change password and account locked.

Prior to installing SecureLogin, the user could either change their password themselves or were forced to change it when it expired every 28 days. When the user wanted to change the password themselves, they clicked on the ""Change Password"" button on the logon box before entering the application.

After SecureLogin was installed, logon via SSO was so fast the user never had a chance to click the button. SecureLogin sees the logon prompt and enters the username and password and clicks OK to logon in a matter of milliseconds.

The customer wanted to know if there was a way to allow the user the opportunity to click on the ""Change Password"" button if desired.

Cause

SecureLogin is logging onto the application so quickly the user is not able to click the ""Change Password"" button.

Solution

By default, if you configure SSO for an application it will simply enter the credentials required (e.g. username/password) and logon. The process will flash before the user’s eyes and they won’t get a chance to click ""Change Password"" if the button appears on the application logon box. However, SecureLogin is extremely customizable and flexible and can be tailored to suit your needs.

One option is to include a Delay 3000 (setting is in milliseconds, 3000=3 seconds) in the application definition, after entering the logon credentials and BEFORE clicking OK. This would effectively give the user 3 seconds to click the ""Change Password"" button. SecureLogin would see the Change Password screen and respond accordingly, allowing the user to set a new password.

Another option would be to use time counters that would display a message every X number of days asking if the user wants to change their password (you could ask this question every time the application starts but this would probably annoy users). If the user wants to change their password, SecureLogin would click the ""Change Password button"", otherwise the application would simply logon.