Separating SecureLogin administrative duties

  • 7940391
  • 19-Aug-2009
  • 26-Apr-2012

Environment

Novell SecureLogin 3.51
Novell SecureLogin 6.0
Novell SecureLogin 6.1

Situation

Separating SecureLogin administrative duties.
Multiple SecureLogin administrators need access to only certain areas.

Resolution

Separation of administrative responsibility is fully supported in SecureLogin through a combination of SecureLogin preferences and Directory ACLs, which allows you to separate the rights of Directory Administrators from those of SSO Administrators.

The following are important to consider when determining ASL administration privileges:

1. Anyone administering SSO data must have rights to read and write data to the 6 Protocom attributes on the particular object (e.g. OU, Group Policy, or User).

2. In addition to directory ACLs, anyone administering SSO data must have NSL preferences set to allow them to perform the desired tasks. The following preferences should be set to Yes:

  • Allow users to view and modify application definitions (scripts)
  • Allow users to view and modify preferences
  • Allow users to view and modify names of applications and credential sets

Additional Information

Even if Directory administrators have Supervisor rights to the Directory, they will not be able to administer SecureLogin SSO data without the above preferences set to Yes.

Similarly, if SSO administrators have the appropriate NSL preferences set, they still require ACLs at the Directory level to administer SSO data.
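
The ACL half of the requirement (item 1 above) can be audited from an LDAP export of an object's ACL values. The following is an added example, not part of the original article or of SecureLogin itself. It assumes the eDirectory LDAP ACL value syntax `privileges#scope#trustee#attribute`, the attribute-right bits Read=2, Write=4, Supervisor=32, and the LDAP names of the six attributes; it looks only at explicit grants on one object (no inheritance, filters or group membership) and cannot see the NSL preferences from item 2, which must be checked separately.

```python
from collections import defaultdict

# Assumed eDirectory attribute-right bits and LDAP attribute names.
READ, WRITE, SUPERVISOR = 0x02, 0x04, 0x20
ALL_ATTRS = "[all attributes rights]"
SSO_ATTRS = frozenset(a.lower() for a in (
    "protocom-SSO-Auth-Data", "protocom-SSO-Entries",
    "protocom-SSO-Entries-Checksum", "protocom-SSO-Profile",
    "protocom-SSO-Security-Prefs", "protocom-SSO-Security-Prefs-Checksum",
))

def has_read_write(mask):
    """Supervisor implies every attribute right; otherwise need Read and Write."""
    return bool(mask & SUPERVISOR) or (mask & (READ | WRITE)) == (READ | WRITE)

def audit_acl(acl_values, sso_attrs=SSO_ATTRS):
    """Return {trustee: [SSO attributes it cannot read/write]} for one object."""
    granted = defaultdict(set)
    for value in acl_values:
        parts = [p.strip() for p in value.split("#", 3)]
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # malformed value: skip rather than guess
        mask, _scope, trustee, attr = parts
        attr = attr.lower()
        if attr != ALL_ATTRS and attr not in sso_attrs:
            continue  # grant on an unrelated attribute
        have = granted[trustee.lower()]  # registers trustees with partial rights too
        if has_read_write(int(mask)):
            have |= sso_attrs if attr == ALL_ATTRS else {attr}
    return {t: sorted(sso_attrs - have) for t, have in granted.items()}

# Constructed sample ACL values for a hypothetical OU.
SAMPLE_ACL = [f"6#subtree#cn=ssoadmin,o=example#{a}" for a in sorted(SSO_ATTRS)] + [
    "2#subtree#cn=helpdesk,o=example#protocom-SSO-Entries",      # read only
    "32#subtree#cn=diradmin,o=example#[All Attributes Rights]",  # supervisor
    "3#entry#[Public]#loginScript",                              # unrelated
]

if __name__ == "__main__":
    for trustee, missing in sorted(audit_acl(SAMPLE_ACL).items()):
        print(trustee, "OK" if not missing else f"missing {len(missing)}: {missing}")
```

A trustee reported with no missing attributes satisfies only the directory-side condition; as the article notes, the three preferences must also be set to Yes before that trustee can administer SSO data.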