Environment
Situation
Issue
Customer using SecureLogin Single Sign-On in ADS mode changed some SecureLogin SSO settings using the MMC Snap-in. At the OU level (e.g. OU=Users) SecureLogin SSO had intentionally been locked down so users could not view or edit application definitions or preferences. As desired for the majority of users, they could only see the UserIDs tab when they accessed the system tray icon.
To achieve this, the following SecureLogin settings were set at the container object;
- Allow users to view and change preferences=No
- Allow users to view and modify application definitions=No
- Disable Advanced settings of Manage Logins=Yes
However, the SSO administrator wanted to permit a particular user to have more access than other users in that container so they set the following settings on the ADS user object;
- Allow users to view and change application definitions=Yes
- Allow users to view and modify application definitions=Yes
When these settings were applied and the user accessed the SecureLogin icon in the system tray or via the MMC snap-in, only the UserIDs and Settings tabs appeared. The scripts and password policy tabs did not appear.
Resolution
Cause
SecureLogin SSO is working as designed. The following setting, which is new in v3.5, also affects whether all tabs are displayed.
Disable Advanced settings of Manage Logins
This was set to Yes at both the container and the user object (which hides the tabs mentioned above).
Solution
Customer set ""Disable Advanced settings of Manage Logins"" to No on the user object and that user was able to see all tabs.