How to centrally define and control which applications are SSO enabled

How can I centrally define and control which applications are SSO enabled?

By disabling the Add Application wizards using the SecureLogin preferences, you can prevent users from adding their own applications to the Single Sign-on group. You can also remove users ability to view and modify application definitions via SecureLogin preferences, further locking down SecureLogin’s behavior.

In a Directory environment (e.g. ADS, eDirectory, Sun One) the SecureLogin administrator would SSO enable the desired applications in the following way:

• Select and customize the applicable predefined application definitions.
• Use the powerful wizards and customize application definitions for applications that are not in the predefined list.
• Customize using scripting as required, depending on your requirements.
• Test thoroughly.
• When ready for deployment, Single Sign-on enable the applications by publishing them at the container or group policy level so the application is SSO enabled for all users in the container or group.
• At the container or group policy level, set the preference to prevent users from having access to view and modify application definitions.
• At the container or group policy level, set the preference to disable the add application prompts.

Using this approach, the Single Sign-on environment is centrally managed and SecureLogin will only respond to applications that you have specifically enabled.