IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Adding random single sign-on (SSO) items

IBM® Security Access Manager for Enterprise Single Sign-On has a policy that allows you to automatically fill random passwords during password change scenarios.

About this task

The random single sign-on items feature in AccessStudio follows the same set of rules in the AccessAdmin.

The single sign-on takes effect only if the Enable manual password change with random password (pid_auth_fortification_random_pwd_enabled) policy is enabled on the user level in AccessAdmin.

Note: The Administrator can also include the pid_auth_fortification_random pwd_enabled policy in a user policy template to apply the setting to all users or a group of users. See the policies in the IBM Security Access Manager for Enterprise Single Sign-On Policies Definition Guide for more information.

Procedure

Open an existing AccessProfile.
In the States tab, select the Auto-fills user credentials action from the States diagram.
Go to the Properties pane > Form Editor tab and click the Add Random SSO Items twistie to expand.
Select Yes from the Generate new secret drop-down list.
Select Windows control from the Add Random SSO Items drop-down list.
Click Add.
Capture the new password signature of the application.
Select the appropriate option from the Account data item template id drop-down list.
Click Edit below the Signature of the window for injection or capture field. Drag the Finder tool and drop it on the New Password field.
Note: To prevent the user from overriding the auto-generated passwords, the Administrator can add a Click a window action. Capture the signature of the OK button in the change password AccessProfile, then save the action. The next time the change password dialog box is displayed, the new password is automatically filled, and the OK button is automatically clicked.

Results

A random SSO item is automatically generated by the AccessProfile Generator if you profile a change password screen.

Feedback