Necessary AD permissions to allow support staff access to manage SecureLogin via the MMC snap-in

  • 7940489
  • 19-Aug-2009
  • 26-Apr-2012


Novell SecureLogin SSO


What AD permissions and ASL preferences need to set so support staff are able to update credentials/variables e.g. Usernames/Passwords using the MMC snap-in?


In order to change values of NSL data that is stored in the Directory e.g. $Variables such as $Username and $Password, support staff must:

  • Have access to the SecureLogin MMC snap-in (or SecureLogin Manager) to view and change the values
  • Write rights to the protocom-SSO-entries attributes on User Objects to be updated/administered (can be set at the OU for all users in that OU and below using the Delegate Control Wizard>User Objects)
  • The following NSL preference must be set on the AD user object of the relevant support staff
"Allow users to modify credentials through the GUI" = YES