What is SSO
•Agent loaded on workstation, monitoring the events and responding to specific events using configuration objects (SSO Templates)
Process injecting credentials to all targeted applications on a workstation with minimal user input
•SSO utilizes unique authentication process to connect to multiple applications. No password lost or forgotten, you can even remember multiple password for an application.
•Less Help Desk calls for password change. As the user no longer manages the password the agent logs them automatically to the applications.
•Password are more secure. Because users no longer have to remember their password, the complexity of the password can be raised to strong password requirements and frequent changes.
•Increased user satisfaction, user no longer have the burden to manage credentials and automatically log on to application
•SSOMHO.EXE
SSO Mainframe Helper object. This component connects to HLLAPI or to the windows console to capture host events: Mainframe, Windows console / cmd.exe or any supported Hllapi host base product.
•SSOBHO.EXE
SSO Browser Helper Object. This components monitors Internet Explorer based events and connects to web pages
•SSOMOZHO.EXE (if needed and selected at install)
SSO Mozilla Helper Object. This components monitors Mozilla based events and connects to web pages
SSOSHELL.EXE
It connects to the Win32 applications. This is the base component, it synchronizes with the selected repository and provide GUI for v-GO. This is the only component that you can have multiple instances in memory.
•When the sso agent initialize on the workstation, it checks for an SSO profile in HKCU and in %username%\appdata%
–No SSO profile local, the software checks if the user has already enrolled to SSO, if yes it will download the SSO profile from AD. If no profile exist in AD, the agent creates a local SSO profile who is automatically synched with AD.
–Existing SSO profile local. Client will validate if the objects are up to date with the ones in AD , a timestamp will validate which object is newer and update these objects if needed.
–•Users can roam and have access to SSO as long as the machine has the agent installed
•When the SSO agent detects an authorized application, a wizard prompts the user to enter his credentials
•This credential becomes a logon entry
When the SSO agent injects credentials too often in a short period of time, a looping box opens and ask if it is correct to enter the credentials again
•With this box the user can:
–Stop the process
–Modify his credentials
Log back in again
•This process can be adjusted to fit the requirements of the application. This process avoid locking out an account with frequent retries of a non working credential
Symptoms
Solution
SSO agent shortcut is grayed out
User is not an authorized member of the SSO group. Either add the user to the security group or advise him he is not authorized to use the software
SSO agent not in the task bar
Is ssoshell.exe running in memory ? If not, launch it from the application shortcut.
If yes, try to kill the ssoshell.exe and launch it again
SSO agent not responding to the application
•Is there a template for this application ?
•Is this only for this application ?
•Is it possible to reveal the credentials in Logon Manager
• Auto prompt / Auto enter must be checked both in the application and in the template
•If you pause the agent, can you log in manually ?
Credentials grayed out in Logon Manager
It means the template is not available
Press Refresh and wait a few seconds. Check if the template still exists an AD SSOconfig
Key in the Synchronizers do not match
The user has two profiles. Try deleting the local SSO cache and restart v-GO
