Login Assist

Available for: Windows 2.x clients.

Login Assist, available in Open Mobile 2.x for Windows, expedites the login process for many commonly visited Web sites by automatically presenting the user’s credentials to the site’s login page. Login Assist can be used on both external and internal web sites. Login Assist-enabled sites are configured in the Open Mobile Portal, and enabled for all users of a given profile.

Login Assist can be a powerful and convenient access management capability.

Requirements

In order to use Login Assist with a website, the following is required:

  • HTML Login: The site must have an HTML-based login page. The login entry cannot be part of a separate popup but must be contained in the page. Flash logins are not supported.
  • Internet Explorer: Users must use Microsoft Internet Explorer to browse to the site. If Windows User Account Control (UAC) is enabled, then Internet Explorer must run in the administrator context. The feature uses an Internet Explorer Browser Helper Object (BHO).
    • In Internet Explorer, the option Internet option Enable third party browser extensions must be selected.
    • Browser Helper Objects (BHOs) can sometimes be identified as spyware, so users may need to allow the BHO in their individual anti-spyware configuration. Administrators may need to whitelist the BHO in the enterprise’s anti-spyware configuration.
  • Profile: The Login Assist entry must be included in the user’s Open Mobile profile, and an account definition in the profile must be created (or assigned) to store the user’s login credentials.

Because of the many variables in the dynamic, real-world environment of the World Wide Web, Login Assist cannot be guaranteed to work on all Web sites. However, for the vast majority of sites with HTML login pages, and reachable by Internet Explorer, Login Assist will be a major convenience for users.

Using Login Assist

When a user first browses in Internet Explorer to a site enabled for Login Assist, Open Mobile prompts for and stores the user’s site login credentials. On all subsequent visits, Open Mobile automatically supplies the stored credentials to the site. The administrator can also enable automatic credential submission, which triggers the submit button and makes the login process automatic. The user is informed when credentials are being passed and when automatic logins are taking place. As a result, users can log in to enabled sites with no (or very little) interaction.

Preventing Site Lockouts

Open Mobile does not validate login credentials, but merely passes them to Internet Explorer, which in turn passes them to the site. If the credentials have been incorrectly entered by the user the first time, or are no longer valid, these credentials could be passed repeatedly to the site and rejected, possibly causing a site lockout. As a result, Login Assist will pass login credentials to a login page once per navigation per Internet Explorer tab.

For example, after a long absence from Login Assist enabled Site A, a user navigates to it again. Because the user’s credentials stored in Login Assist have expired, the login fails. If the user were to navigate to Site A again in the same IE tab, Login Assist would not attempt to pass any credentials to Site A.

However, if the user were to navigate to Site B in the same tab, and then navigate to Site A again, Login Assist would be invoked for Site A.

If the site returns a login error, the user can manually enter the correct site credentials, and then later take steps to edit the credentials recorded in Open Mobile. (In the example, the user could correct the Site A credentials after the first failed login.)

To edit a user’s Login Assist credentials:

  1. In Open Mobile, click Options | Accounts.
  2. Select the account used for Login Assist.
  3. Edit the credentials as needed, and then click Close.

Initial entry of site credentials (when the user first browses to the page) is crucial to login success. Even if incorrect credentials are entered by the user, Open Mobile will still store them. The user will need to manually edit them later to correct them.

Auto-Submit

If Auto-Submit is configured for the site, Open Mobile will automatically trigger the submission button on the login page after the credentials are entered. When logging into a site with Auto-Submit configured, the user will receive a message that reads, “Logging into <site>…” where <site> is the name of the site.

If Auto-Submit is not configured, the user will need to click the button manually, after Open Mobile automatically passes the credentials. When logging into a site without Auto-Submit configured, the user will receive a message that reading “Passing credentials to <site>…” where <site> is the name of the site.

Quick Launch

Login Assist can work in conjunction with Quick Launch (although it is not required). A Quick Launch item can be created to launch a Login Assist-enabled site. Login Assist will then automatically pass the credentials to the launched site. If Auto-Submit is enabled, site login will be a routine 1-click experience for the user (just by clicking the Quick Launch menu item).

In order for this process to work optimally, Microsoft Internet Explorer must be set as the user’s default browser.

Configuring Login Assist

There are two Open Mobile profile components involved in Login Assist: the account definition and the Login Assist entry.

Account Definition

The first profile component is an account definition used to store the user credentials for the site. It can be one of two types: * A general Open Mobile account definition. This can be useful for logins to multiple sites that share credentials. If these credentials change later on, they only need to be changed in the single Open Mobile account, rather than changing them in multiple places in Internet Explorer. * A dedicated account definition, created expressly for storing credentials for a single site. This can be easier to maintain from a user perspective, because each account stores only a single set of credentials and can be named appropriately (For example, an account used just for Facebook logins could be called FacebookAccount).

An individual’s account credentials are not stored in the account definition—just the credential types required by the site login.

Login Assist Entry

The second profile component is a Login Assist entry that contains information on the site URL, the required credential types, and Open Mobile behavior regarding the site. The URL can be an external Web site, an internal or intranet site, or any other site reachable by Internet Explorer. A Login Assist entry can be one of the many Login Entry presets available on the Open Mobile Portal, or can be configured by the administrator individually by a customized XML file uploaded to the Open Mobile Portal.

Considerations about Credential Types

Username Including Domain Name

For some sites, the username may include a domain name. For example, usernames based on email addresses would include domain names (such as user@domain.com). For these sites, users should always include the domain name as part of the username credential. Login Assist cannot combine username and domain credentials from an account definition to create a single credential.

Password Caching

Account passwords are saved for the duration set in the account definition. If the password is set to save forever, the user would only need to enter it a single time.

If the password save duration is set to a shorter value in the account definition (for example, a specified number of minutes, or until software restart), the user would be required to manually enter the password after the duration expires.

Login Assist Presets

The Open Mobile Portal includes a list of preset sites that can be incorporated into your profiles. These presets include Salesforce.com, Box.net, LinkedIn, Yahoo!, Gmail, Yammer, E*TRADE, and Facebook.

You should make sure an Open Mobile account has been defined for the profile before configuring Login Assist. The account must contain the required login credential types (typically username and password) for the site.

To enable a Login Assist preset in a profile:

  1. From the rotating list of Login Assist Web sites, select the site you would like to add. (Use the arrow buttons to scroll the list left or right to select the entry.)
  2. Under the rotating list, select Enable <Site>, where <Site> is your selected site. An enabled site is shown with a green checkmark in the rotating list.
  3. In the Assign Account drop down, select an account. The credentials from this account will be passed to Internet Explorer when logging in to the site.
  4. To enable Open Mobile to automatically submit the account credentials, select Auto-Submit Login.
  5. Click Save.

For sites not in the list of presets, or for internal Web sites, you can create a custom Login Assist file.

The Dynamic Web

Because the particulars of many Web sites are subject to change, some Login Assist entries may become incorrect or obsolete over time. This is true both for presets and for custom Login Assist entries. When and if this occurs, the Open Mobile profile with the Login Assist entry would require a revision in order to function, and a new version of the profile would need to be published to existing users.

For instance, Example.com, a site that formerly only required username and password credentials, now requires username, password and domain for enhanced security. However, the Open Mobile account definition used for Login Assist to Example.com does not include a domain credential. As a result, the existing Login Assist would fail to log a user in.

In this instance, a new account would need to be assigned to the Login Assist entry for Example.com, which included domain as part of the supplied login credentials. Then, a new version of the existing Open Mobile profile, including the revised Login Assist entry, would need to be created and pushed to users to enable Login Assist to the site once again.

iPass will make every attempt to keep Login Assist presets current. If the login page of a preset site changes, iPass will update the preset at the next Open Mobile Portal release. In the interim, if one of these sites makes alterations to its login URL or requirements, customers can create a custom Login Assist file until the next Portal update.

Create a New Profile > Configuration Settings > Integration

 

©2015 iPass Inc. All rights reserved. Terms of Use