After it has been SSO enabled and published, how can one application be excluded from SSO whilst leaving the others SSO enabled?

  • 7940116
  • 19-Aug-2009
  • 26-Apr-2012

Environment

SecureLogin
SecureLogin SSO
All Versions
MS AD, LDAP, NT4, Citrix, Terminal Services


Situation

Issue

The user SSO enabled a number of applications, including SAP. They published the applications at the container, so all users in the container who use those applications and have SecureLogin installed on their workstation will log in to the apps using SecureLogin SSO.

They then wanted to exclude certain users from logging on to SAP using SecureLogin SSO, but wanted them to SSO to all other applications that have been enabled.

If they deactivate SecureLogin by right-clicking the system tray icon and deselecting "Active", SSO won’t run at all (as expected). The customer wants to know how to easily disable SSO for only one application, whilst allowing all the others to log on using SecureLogin SSO.

Resolution

It is possible to disable SSO to one application for one user in two ways:

  • For versions 3.5 and above only. Navigate to Manage Logins using the SecureLogin icon in the system tray, or on the user object using MMC or ConsoleOne. Select the Applications tab and ensure the Enabled check box is unchecked for that application (only).

  • For all versions. Edit the script at the user object and enter a single line containing a comment (start the line with #). This will create a local script that contains one commented line. The local script will take precedence over the corporate script so nothing will be executed for this user.

# Any script with just this line in it will do nothing at all

Additional Information

Root Cause

When an application is SSO enabled and published for all users, it is automatically SSO enabled for users who have:

  • The application installed on their workstation
  • SecureLogin installed on their workstation
  • SSO active on their workstation
  • The application definition published