IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Creating AccessProfiles for Windows applications

Windows applications (for example, Win32, 16-bit) such as Company Mail are applications that run on the Windows platform.

About this task

Creating AccessProfiles for Windows applications requires the following tasks:
Parent topic: Creating standard AccessProfiles for different application types

Creating a logon AccessProfile for Windows applications

Use the AccessProfile Generator to create a logon AccessProfile for an application that runs on Windows.

About this task

Captured logon fields are translated into signatures. Signatures contains XML Path Language, a language that facilitates XML document navigation to select elements and attributes.

IBM® Security Access Manager for Enterprise Single Sign-On uses signatures to identify application screens and Windows elements. These signatures are then communicated into AccessAgent.

The next time the same fields are presented, AccessAgent automatically supplies the user credentials in their respective fields.

For more information about Signatures, see Creating advanced AccessProfiles.

Procedure

  1. Open AccessStudio by selecting Start > All Programs > ISAM ESSO AccessStudio > AccessStudio.
  2. Start the AccessProfile Generator by clicking the New icon.
  3. Select New AccessProfile (using Assistant).
  4. Click Next from the Welcome window.
  5. Launch the application for which you want to create an AccessProfile.
  6. After the application screen or Web page opens, click Next to proceed.
  7. Enter a unique name for the application in the Application name field.
  8. Select Windows application as the application type.
  9. Click Next.
  10. Select the Logon radio button.
  11. Click Next.
  12. Enter a unique name in the Enter a name field for the screen or Web page you want to capture.
  13. Based on your selected task, capture identification information for the fields on the application screen.
    Note: The fields available for each automated task vary.
    1. Click the Finder tool from the AccessProfile Generator.
      Note: If the Finder tool is not enabled, click the Edit Signature link, then close the balloon that opens, which enables the Finder tool.
    2. Drag the Finder tool on the matching field in the application screen.

      As you drag the Finder tool to the application, the AccessProfile Generator selects the field or button you want to capture.

    3. When the Finder tool is positioned over the field, release the mouse button. If the field was captured successfully, the Clear option is activated. The default screen name from the application is retrieved. Click Clear to undo the capture.
    4. Use the Extra Field Finder tool to capture an additional field unique to the application, if available for the selected task.

      The Extra Field can be a drop-down list or any domain field group.

    5. Click Edit Signature and click Highlight Control to confirm the captured signature.
    6. Click Advanced Settings to perform the task only when a certain condition is satisfied.

      For more information, see Creating AccessProfiles that perform automation tasks or Editing standard AccessProfiles.

  14. After capturing all the application fields, click Next to proceed.
  15. Optional: Select the logon screen from the Screens identified field and choose from the following optional steps:
    • To edit the previously captured screen, select the screen and click Next.
    • To remove the previously captured screen, select the screen title in the list box and click Delete.
    • For logon screens, select the default settings for similar application screens.

      The options are: Ask User, Do not auto-fill, Auto-fill, and Auto-fill and submit.

      Based on the selection, AccessStudio automates or does not automate similar logon screens as set in this AccessProfile.

  16. Click Next.
  17. Specify whether you want AccessStudio to identify the successful logon. Choose from the following:
    • No. If you select this option, no success screen or message displays.
    • Yes, identify the screen that appears upon successful logon. If you select this option, drag the Finder tool and drop it on the success application screen or Web page.

      When the Finder tool is positioned over the screen or Web page, release the mouse button.

      Based on the captured item, you can also modify the screen title or text.

    • Yes, simply detect closure of the logon screen.

      If you select this option, the logon screen closes without any confirmation.

  18. Click Next.
  19. Do one of the following:
    • Select Use a previously created authentication service and choose an authentication service from the drop-down list.
    • Select the default Create one for me automatically option to create an authentication service.
  20. Click Finish to return to the AccessStudio user interface.

    The captured tasks and the identified screens are displayed in the General Properties tab.

    Important: Test all the AccessProfiles before uploading to the IMS Server. For more information, see AccessProfiles testing.
  21. Upload the AccessProfile to the IMS Server to activate it.
    1. In the Data type pane, right-click on the AccessProfile, and select Upload to IMS.
    2. Click Yes when the IMS Upload Confirmation is displayed.
    Another message box is displayed, indicating the success or failure of the upload.

Creating a change password AccessProfile for Windows applications

Use the AccessProfile Generator to create a change password AccessProfile for an application that runs on Windows.

Procedure

  1. Follow the steps from Open AccessStudio to Select Windows application of the Creating a logon AccessProfile for Windows applications procedure.
  2. If the Standard access profile exists already, follow the steps specified in the Setting advanced options.
  3. Select Change password.
  4. Click Next.
  5. Enter a unique name for the screen you want to capture.
  6. Capture identification information for the fields on the application screen.
    1. Click the Finder tool from the AccessProfile Generator.
      Note: If the Finder tool is not enabled, click the Edit Signature link, then close the balloon that opens, which enables the Finder tool.
    2. Drag the Finder tool to the corresponding field in the application screen. As you drag the Finder tool to the application, AccessProfile Generator marks the field or button that can be captured.
    3. When the Finder tool is positioned over the field, release the mouse button. If a field was captured successfully, the Clear option is activated. The default screen name from the application is retrieved. Click Clear to undo the capture.
    4. Click Advanced Settings to perform the task only when a certain condition is satisfied.

      For more information, see Creating AccessProfiles that perform automation tasks or Editing standard AccessProfiles.

  7. Click Next.
  8. Select the Change Password screen from the Screens identified field.
    1. To edit the previously captured screen, select the screen and click Next.
    2. To remove the previously captured screen, select the screen title in the list box and click Delete.
  9. Specify whether you want AccessStudio to identify the successful changing of the password.
    • The options are No (no success screen or message displays), Yes, identify the screen that appears upon successful change password, and Yes, simply detect closure of the change password screen.
    • If you selected Yes, identify the screen that appears upon successful change password, drag the Finder tool and drop it on the success application screen or Web page.

      When the Finder tool is positioned over the screen or Web page, release the mouse button.

      Based on the captured item, you can also modify the screen title or text.

  10. Click Finish to return to the AccessStudio user interface.

    The captured task and the identified screens are displayed in the General Properties tab.

    Important: Test all the AccessProfiles before uploading to the IMS Server. For more information, see AccessProfiles testing.
  11. Upload the AccessProfile to the IMS Server to activate it.
    1. In the Data type pane, right-click on the AccessProfile, and select Upload to IMS.
    2. Click Yes when the IMS Upload Confirmation is displayed.
    Another message box is displayed, indicating the success or failure of the upload.

Creating a logoff AccessProfile for Windows applications

Use the AccessProfile Generator to create a logoff AccessProfile for an application that runs on Windows.

Procedure

  1. Follow the steps from Open AccessStudio to Select Windows application of the Creating a logon AccessProfile for Windows applications procedure.
  2. Select Logoff.
  3. Click Next.
  4. Select a logoff method. You can either select Close the application or Log off gracefully.
  5. Specify whether there is a specific set of screens or only generic screens for the graceful logoff task.
    • To specify a specific set of screens and actions, select Identify specific screens and set specific actions, click Next, and go to the next step.
    • To specify screens that do not need a custom set of actions, select Create a generic set of actions for unidentified screens, click Next, and go to Specify actions for logoff step.
  6. If you chose Identify specific screens and set specific actions, specify the following details:
    1. Identify the logoff screen by entering a unique name for the screen capture.
    2. Click the Finder tool from the Unique screen text for identification field.
      Note: If the Finder tool is not enabled, save the AccessProfile as it is, then restart AccessStudio.
    3. Drag the Finder tool on the matching field in the application screen. As you drag the Finder tool to the application, AccessProfile Generator marks the field or button that can be captured.
    4. When the Finder tool is positioned over the field, release the mouse button.
    5. Click Advanced settings to perform the task only when a certain condition is satisfied. For more information, see Creating AccessProfiles that perform automation tasks.
    6. Click Next.
  7. Specify actions for logoff.

    Select the action you want to automate from the Available actions drop-down list. See Creating AccessProfiles that perform automation tasks for details.

    1. Select each action, enter a menu path, or use the Finder tool.
    2. click Add.
    3. Click Next after adding all the required logoff actions.
  8. Identify the logoff screen.

    Select the logoff screen you have captured from the Screens (last screen if checked) field.

    • To edit the previously captured screen, select the screen and click Next.
    • To remove the previously captured screen, select the screen title in the list box and click Delete.
  9. Click Finish to return to the AccessStudio user interface.

    The captured task and the identified screens are displayed in the General Properties tab.

    Important: Test all the AccessProfiles before uploading to the IMS Server. For more information, see AccessProfiles testing.
  10. Upload the AccessProfile to the IMS Server to activate it.
    1. In the Data type pane, right-click on the AccessProfile, and select Upload to IMS.
    2. Click Yes when the IMS Upload Confirmation is displayed.
    Another message box is displayed, indicating the success or failure of the upload.

Creating an "other task" AccessProfile for Windows applications

Use the AccessProfile Generator to create a uniqueAccessProfile for an application that runs on Windows.

Procedure

  1. Follow the steps from Open AccessStudio to Select Windows application of the Creating a logon AccessProfile for Windows applications procedure.
  2. Select Other tasks as the task to automate.
  3. Click Next.
  4. Enter a unique name for the other task screen to capture.
  5. Based on your selected task, capture identification information for the fields on the application screen.
    1. Click the Finder tool, drag to the corresponding fields on the application screen. As you drag the Finder tool to the application, AccessProfile Generator marks the field or button that can be captured.
    2. When the Finder tool is positioned over the field, release the mouse button. If a field was captured successfully, the Clear signature option is activated.
    3. The default screen name from the application is retrieved. Click Clear signature to undo the capture.
    4. Click Advanced settings to perform the task only when a certain condition is satisfied. For more information, see Creating AccessProfiles that perform automation tasks.
  6. Click Next.
  7. Specify actions for the task.
    1. Select from the drop-down list of available actions. See Creating AccessProfiles that perform automation tasks for details.
    2. Click Add.
  8. Click Next.
  9. Identify the task automation screen. Select the screen you have captured from the Screens identified field.
    • To edit the previously captured screen, select the screen and click Next.
    • To remove the previously captured screen, select the screen title in the list box and click Delete.
  10. Click Finish to return to the AccessStudio user interface.

    The captured task and the identified screens are displayed in the General Properties tab.

    Important: Test all the AccessProfiles before uploading to the IMS Server. For more information, see AccessProfiles testing.
  11. Upload the AccessProfile to the IMS Server to activate it.
    1. In the Data type pane, right-click on the AccessProfile, and select Upload to IMS.
    2. Click Yes when the IMS Upload Confirmation is displayed.
    Another message box is displayed, indicating the success or failure of the upload.

Feedback