User unable to view application definitions and password policy tabs via SecureLogin system tray icon or the MMC Snap-In

  • 7940236
  • 19-Aug-2009
  • 16-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions
Active Directory


Situation

Issue

Customer using SecureLogin Single Sign-On in ADS mode changed some SecureLogin SSO settings using the MMC Snap-in. At the OU level (e.g. OU=Users) SecureLogin SSO had intentionally been locked down so users could not view or edit application definitions or preferences. As desired for the majority of users, they could only see the UserIDs tab when they accessed the system tray icon.

To achieve this, the following SecureLogin settings were set at the container object;

  • Allow users to view and change preferences=No
  • Allow users to view and modify application definitions=No
  • Disable Advanced settings of Manage Logins=Yes

However, the SSO administrator wanted to permit a particular user to have more access than other users in that container so they set the following settings on the ADS user object;

  • Allow users to view and change application definitions=Yes
  • Allow users to view and modify application definitions=Yes

When these settings were applied and the user accessed the SecureLogin icon in the system tray or via the MMC snap-in, only the UserIDs and Settings tabs appeared. The scripts and password policy tabs did not appear.

Resolution

Cause

SecureLogin SSO is working as designed. The following setting, which is new in v3.5, also affects whether all tabs are displayed.

Disable Advanced settings of Manage Logins

This was set to Yes at both the container and the user object (which hides the tabs mentioned above).

Solution

Customer set ""Disable Advanced settings of Manage Logins"" to No on the user object and that user was able to see all tabs.