How do I permanently exclude (or include) certain executables from SecureLogin? For example, a virus scanner that is always running in windows but we never want SSO enabled?
SecureLogin will watch the executables you publish as SSO enabled in the Directory. You publish them at the OU level (e.g. OU=Users) and all users in that OU automatically inherit them. This is how most organizations determine which applications are SSO enabled and which arenât.
In addition, there are other methods to temporarily deactivate SecureLogin or disable SSO for a particular application or a particular user for troubleshooting purposes. The exclude.ini method should only be implemented if advised by experienced SecureLogin administrators/consultants.
There is a way to permanently include or exclude executables (it only works for Windows applications (.exe) with SecureLogin. This allows you to determine which exeâs SecureLogin will NEVER watch (even if an application definition is written and published), or which it will ONLY watch for.
It is not often used, but maybe useful if you wish to exclude SSO from watching an executable that is constantly running (e.g, virus scanner) or determine a hard coded list SecureLogin will watch for.
- For optimal performance, the following executables are excluded from SSO by default. They are hard coded and can be added back in using the methods described in this document.
To permanently exclude or include specific windows applications from being watched by SSO, create an exclude.ini file in the SecureLogin directory. The exclude.ini file should contain a list of the application executables that you want to exclude. Even if a script is written for them, SSO will never watch these executables.
- An example of a simple exclude.ini file would be (these files would be appended to the hard coded list that SecureLogin never watches):
By default, SecureLogin will exclude the listed applications in the exclude.ini file. If there are only a few applications that you want SSO enabled, type Include at the top of the file and then list the application executables that you want to include. Using this method, the hard coded list would still be excluded and these files would be the ONLY files ever watched by SecureLogin (any other SSO enabled published applications would be ignored by SecureLogin)
A way of resetting the hard coded list so no executables are excluded by default is to type Nodefault at the top of the file and then Exclude the files you desire.