Is there a way to force a user to enter a “Master PIN” every time an application starts? I want to use the same PIN for all applications, and have SecureLogin only retrieve the appropriate application credentials and log on if the PIN is

  • 7940303
  • 19-Aug-2009
  • 26-Apr-2012

Environment

SecureLogin
SecureLogin SSO
3.0x, 3.5.1.x, 3.5.2.0
MS AD, LDAP, NT4, Citrix, Terminal Services

Situation

I have configured SecureLogin and want to protect all my applications with the same PIN so users are prompted with a challenge before SecureLogin will retrieve and enter credentials and log on to applications. Is there a way to force a user to enter a “Master PIN” every time an application starts? I want to use the same PIN for all applications, and have SecureLogin only retrieve the appropriate application credentials and log on if the PIN is verified.

Resolution

By default, with SecureLogin SSO installed, a user simply launches an SSO-enabled application and SecureLogin automatically retrieves and enters the relevant application credentials and logs on to the application.

However, some organizations want protection in case someone walks away from their computer momentarily and forgets to enable their screen saver. They don’t want someone else to be able to walk up and run the application without being challenged in some way. Using SecureLogin, this issue can be easily addressed in a number of ways, depending on your requirements.

The strongest security is provided by integrating with SecureLogin Advanced Authentication (SLAA) to force the user to re-verify using a strong logon method before SecureLogin SSO will retrieve the user’s logon credentials.

For example, using SLAA and SSO, a user could be prompted by SLAA to scan their fingerprint, enter their Smartcard/PIN or Token (e.g. VASCO, RSA) before an application logs on. If they are verified, SSO will retrieve and enter the credentials and log on to the application.

This means users are effectively authenticating to the LAN and their SSO-enabled applications using strong logon methods, without having to remember (and of course manage) all their usernames and passwords. SSO handles all the complexities of password management in the background and solves password management issues such as users knowing passwords, writing them down, sharing them, forgetting them, being locked out of accounts, etc.

Another popular way of re-verifying is to use a common PIN. This is easily achieved using SSO scripting. Before SecureLogin will retrieve and enter a user’s application credentials, the user is prompted for their PIN, which is stored against a PIN-Verify platform and is checked as required.

Rather than re-entering lines of script, you can use the “Include” command in each application script you wish to re-verify using the PIN. That way one script handles PIN verification for every application and you only need a few lines of script in your individual application script. If you didn’t use the Include command, you would have to repeat all the lines in all the applications.

Contact ActivIdentity support for a copy of the PIN re-verification application definition.

NOTE: This is not required for smart card and PIN deployments. It is required when a “Master PIN” is required without a smart card.