What are the main differences between evaluating SecureLogin in Directory (e.g. ADS, eDirectory) mode and Standalone mode?

  • 7940219
  • 19-Aug-2009
  • 15-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions


Situation

Question

What are the main differences between evaluating SecureLogin in Directory (e.g. ADS, eDirectory) mode and Standalone mode?

Resolution

Answer

If you don’t have an operational test facility and the Directory experts at your organization are (understandably) reluctant to extend the production schema to support an SSO proof of concept, installing SecureLogin in Standalone mode on a production workstation provides an elegant and effective solution.

With SecureLogin installed in Standalone mode on a workstation connected to the production network, all applications are readily available on the workstation without having to configure a separate test environment, and you don’t have to extend the Directory Schema for the POC. The consultant doing the POC simply logs on to the production network with a test user account and SecureLogin will run.

In Standalone mode, all SecureLogin data is encrypted and saved on the hard disk of the local workstation (and can easily be removed without affecting the production network at all). You won’t have all the functionality and won’t be able to see the full power of the product, but applications can still be fully SSO enabled; enough to prove the concept before deciding to extend the Schema for full functionality.

The following list provides examples of settings that CANNOT be configured in Standalone mode (for more information on settings read the relevant knowledgebase article):

  • Allow users to view and modify application definition
  • Allow users to view and change preferences
  • Allow users to view passwords
  • Disable Single Sign-on
  • Display the system tray icon
  • Enable the New Login Wizard on the system tray icon
  • All smart card security preferences
  • Stop walking here

In addition, users are unable to change their passphrase if passphrases have been enabled (changing a passphrase requires Directory connectivity because it is stored against the user object).

We do not recommend deploying Standalone mode to production users you intend to support (e.g. extended pilot of 50 users). There is no centralized management - all application definitions and settings need to be made on each workstation and you can’t view the user’s SSO information without access to their workstation.

In Directory mode you make changes and manage SecureLogin centrally using MMC in a Microsoft Active Directory environment, iManager in a Novell Directory environment, and SecureLogin Manager in all other environments.

Note: Although backups of SecureLogin data occur automatically in Directory mode, if you do install SecureLogin in Standalone mode, make sure you back up SSO data using the SecureLogin system tray icon.

If you do not keep a copy of the SSO data and the hard disk crashes, you will have lost everything because SecureLogin data is encrypted in the file system on the workstation’s local hard disk when in Standalone mode. If it goes, your data goes!