54.9 Managing Credential Sharing Groups

Credential sharing groups are sets of applications that share the information of one or more fields to facilitate account management, allowing users to apply a credential change made in one application to other specified applications automatically. For each Credential sharing group that you create, you can include any number of applications and designate which credentials they have in common.

When the Access Portal Service handles a credential change for any application that is a member of the sharing group, it automatically applies the credential change to all other group members. Any number or combination of applications can share a single credential. You can also designate a key field; that is, a field that the Access Portal Service uses when updating shared credentials, changing credentials only for accounts with the same key value.

Note:

Applications will share credentials only for their initial deployment unless you enable credential sharing groups.

the Access Portal Service provides flexibility and granularity for you to control how credential sharing groups work.

You can configure the following options:

  • Sharing any or all fields for a group of applications:

  • Pre-filling all shared fields when a user first encounters an application in a sharing group, thus requiring the user to enter information only for fields that are not shared by the group.

  • Automatically creating an account when a user encounters an application for which all credentials are pre-determined.

  • Designating a key field; that is, a field that the Administrative Console uses when updating shared credentials, changing credentials only for accounts with the same key value.

The next sections describe how to create new groups or edit existing ones. After you create a group, the process for configuring it is the same as editing an existing one.

54.9.1 Searching for a Credential Sharing Groups

You can search for a credential sharing group by entering a name or partial string.

To search:

  1. Click Federation at the top of the Administrative Console, then click Credential Sharing Groups in the Access Portal Service section of the tab that appears.
  2. Enter a name or partial string in the Name field, and click the Search button. The results appear in the Search Results table.
  3. Click on any group in the Search Results list to edit its configuration. Continue to step 3 in the next section to learn more about configuring these settings.

Figure 54-5 Credential Sharing Groups tab

Description of Figure 54-5 follows
Description of "Figure 54-5 Credential Sharing Groups tab"

54.9.2 Creating a Credential Sharing Group

You can create a new credential sharing group.

To create:

  1. Click the Create Credential Sharing Group button to launch the New Credential Sharing Group page.
  2. In the Name field, enter a name for the group. Optionally, you can add a description and reference information in the fields at the bottom of this section.
  3. In the Shared credentials settings, select which credentials the group will share. You can include any or all fields:

    • Username

    • Password

    • Third Field

    • Fourth Field

  4. From the Key Credential within group dropdown, select a field. The key credential field provides more granular criteria for updating shared credentials within a group. When a credential changes, updates will only occur for members that share the key field. to update shared credentials only for accounts that share this field value.s only for accounts that share this field value.:

    If the user wants to create an account that is not constrained by the key field, that account must have a new key field to avoid updating all existing accounts.

    Choose one of the following from the dropdown:

    • None (Default)

    • Username

    • Third Field

    • Fourth Field

  5. If desired, select to pre-fill shared fields. This specifies that shared fields will be pre-populated with the shared credentials when the user creates a new account for an application. By default, this option is enabled.
  6. If desired, select to automatically create accounts when all credentials are known. This means that the Access Portal Service will create an account automatically when the user encounters an application that has all fields pre-determined.

    Note:

    This field is available only if Key credential within group is set to None.

  7. Click Save to complete policy configuration, or Cancel to close the tab without saving the group.

Figure 54-6 New Credential Sharing Group Page

Description of Figure 54-6 follows
Description of "Figure 54-6 New Credential Sharing Group Page"

54.9.3 Managing Applications in Credential Sharing Groups

You can add applications to a group during creation of the group or at any time thereafter.

To add applications in credential sharing groups:

Figure 54-7 Add Applications Dialog

Description of Figure 54-7 follows
Description of "Figure 54-7 Add Applications Dialog"
  1. In the Applications section of the group page, click the Add icon. The Add Applications dialog appears.
  2. In the Name field, enter a name or text string and click Search. You can also leave this field blank to return every available application.
  3. After a search, all applications that fit your search criteria appear in the Available Applications list. For each application, the list includes any credential sharing group to which it belongs.
  4. Select one or more applications from the Available Applications list, and click Add Selected. Or simply click Add All to add every application returned by the search.

    If you select an application that is already a member of another group, it will no longer be part of that group.

  5. Click Add when you are finished, or Cancel to dismiss the dialog without making changes.
  6. Click Save to store the changes made to the credential sharing group.