What happens if a user forgets their password to an application?

  • 7940154
  • 19-Aug-2009
  • 07-Jan-2014


SecureLogin SSO
All Versions
MS AD, LDAP, NT4, Citrix, Terminal Services



The customer has SSO enabled a number of applications. A user who has been on vacation runs SecureLogin for the first time and has entered an invalid password for one of their SSO enabled applications. They can’t remember it!

After they attempted to enter their password, SecureLogin prompted them the password is incorrect but they have forgotten their password altogether.

How can the user logon to the application?



When an application runs for the first time after it has been SSO enabled, the user must ""teach"" SecureLogin their password so it can ""remember"" it for all future logon attempts.

The user has forgotten their password so they have stored an invalid password for the application.

SecureLogin remembers what the user enters. It can detect it is wrong and advise the user, but if the user really doesn’t know their password the password must still be reset on the application (luckily you now have SSO to save you having to do so in future).


The user must contact the Helpdesk to reset their backend application password. Using SecureLogin you could display a message advising which phone number to call rather than relying on the standard application message such as ""Invalid Logon"".

Once this has been done, the administrator can use MMC (in an ADS environment), ConsoleOne (in Novell Directory environments) or SecureLogin Manager (other) to save the password for the user. This is how SecureLogin is informed of the new password. Alternatively, the user could start the application and enter the new password as advised by the administrator instead of the administrator filling it in for them.

From then on, SecureLogin will remember the password forever and phone calls to the Helpdesk relating to forgotten passwords are a thing of the past. The user can forget their password forever since SSO manages it from now on.

Because the user doesn’t have to remember it, they can’t write it down, share it, or use it to logon to systems when they leave the organization.