Enterprise Administration Guide › Implementing Shared Accounts › SAM Endpoint and Shared Account Creation › Create a Login Application

Create a Login Application

A login application uses a script to execute an application on the endpoint that automatically logs you in to a privileged account after you check out the privileged account password. Login applications let you configure the SAM automatic login.

You can create the following types of login applications. Each type of login application is a Visual Basic script:

• JUNIPER_NETSCREEN_WEB.vbs—Lets you automatically log in to the web interface of a Juniper Netscreen firewall.
• MSSQL2005Studio.vbs—Lets you automatically log in to the Microsoft SQL Server 2005 Management Studio.

  Note: Install the Microsoft SQL Server 2005 Management Studio on your computer to use the MSSQL2005Studio login application.

• MSSQL2008Studio.vbs—Lets you automatically log in to the Microsoft SQL Server 2008 Management Studio.

  Note: Install the Microsoft SQL Server 2008 Management Studio on your computer to use the MSSQL2008Studio login application.

• NOKIA_IPSO_WEB.vbs—Lets you automatically log in to the Nokia IPSO operating system on a Check Point firewall.
• ORACLE_10G_WEB.vbs—Lets you automatically log in to the Enterprise Manager web interface of an Oracle 10g database.
• ORACLE_10XE_WEB.vbs—Lets you automatically log in to the Database Home Page web interface of an Oracle XE database.
• ORACLE_11G_WEB.vbs—Lets you automatically log in to the Enterprise Manager web interface of an Oracle 11g database.
• PUTTY.vbs—Lets you automatically log in to an SSH Device endpoint.

  Note: Install PuTTY Release 0.60 or higher on your computer to use a PuTTY login application.

• RDP.vbs—Lets you automatically log in to a Windows endpoint using Remote Desktop.

  Note: For RDP automatic login by RDP.vbs run from the Enterprise Management UI, mstsc.exe must be located in the windows\system32 folder.

• RDP_Ad.vbs—Lets you automatically log in to the Active Directory management console using Remote Desktop.
• REFLECTION.vbs—Lets you automatically log in to an endpoint using Reflection terminal emulation.

  Note: By default you can use Telnet only. To use other connection methods (RSH, RLOGIN) you must modify the Visual Basic script. See the Reflection documentation for details.

• FTP.vbs—Lets you automatically log in to a Windows FTP server.

The automatic login application scripts are located in the following directory:

JBOSS_HOME/server/default/deploy/IdentityMinder.ear/config/sso_scripts

When you use an automatic login to check out a privileged account password on a Windows Agentless endpoint, CA ControlMinder Enterprise Management propend the host domain to the name of the privileged account. Before you create a login application for a Windows Agentless endpoint, verify the following points:

• If the endpoint is part of a workgroup, verify that the computer name is specified in the Host Domain field.
• If the endpoint is part of a domain, verify that the domain name is specified in the Host Domain field.

  Note: You can use the Modify Endpoint task to modify the Host Domain field.

By default, you must have the System Manager role to create a login application. You can use login applications only in Microsoft Internet Explorer browsers.

Follow these steps:

1. In CA ControlMinder Enterprise Management, click Privileged Accounts, Login Application, Create Login Application task.

   The Create Login Application: Login Application Search screen appears.

2. (Optional) Select an existing login application to create the login application as a copy of it, as follows:
   1. Select Create a copy of an object of type Login Application.
   2. Select an attribute for the search, type in the filter value, and click Search.

      A list of login applications that match the filter criteria appears.

   3. Select the object that you want to use as a basis for the new login application.
3. Click OK.

   The Create Login Application task page appears. If you created the login application from an existing object, the dialog fields are prepopulated with the values from the existing object.

4. Complete the following fields:

   Name

   Defines the name by which you want to refer to this login application.

   Description

   (Optional) Defines the information that you want to record for this login application (free text).

   Script

   Defines the Visual Basic script to use to launch the login application.

   Note: We recommend that you do not customize these supplied scripts.

   Enable

   Specifies that this login application is enabled.

   Click Submit.

   CA ControlMinder Enterprise Management creates the login application. Before a user can use a login application, modify your endpoints in CA ControlMinder Enterprise Management to use the login application. Perform additional configuration steps on the endpoints to use terminal integration, and to use login applications on Windows Server 2008 endpoints.

More information:

Modify Windows Server 2008 Endpoints to Use a Login Application