This article details steps on creating a browser resource for use with Hypersocket SSO. Any browser resource once created and assigned can then be used by a user to launch either through the user's dashboard from the browser or directly via a URL, in both cases the Hypersocket SSO browser plugin will intercept the request and auto sign in the user.
For information on launching a browser SSO resource refer to the article titled, 'Installing SSO Client Plugin'.
Step 1. Navigating to SSO Menu
To create SSO resources you need to log in with admin or SSO resource management permissions these can be delegated from the Access Control menu. SSO resource management is configured from the Single Sign On menu as shown below, in particular for this article the Browser Credentials option.
Step 2. Locate Application Template
For each application you need to use locate the matching application template using the Search Template button. This has all the settings required to automatically log users in to the app.
From the window that pops up you can locate your application in two ways:
Key in the application you need, in this example I have chosen Twitter.
You can also work through the pages until you find the application you need.
Once the application is found hit Next.
Step 3. Setting Attribute Scopes
Attributes are used to set the username and password for the given browser based application. Each attribute can be either:
- Administrator - Only administrator can defines these for each user
- Fixed - A set username and password that will be predefined for anyone that uses this application
- User - Assigned users can define their own attributes
Each attribute is defined below.
This is great for creating accounts for users but you do not want the end user to know their account credentials.
With the administrator scope you need to define a Attribute Category in which the attributes for the application will be saved. Each user will have this new category added to their profile however, they will not be able to see this. The administrator is the only one that can see this category for each user, they can then set values for each user.
In the image below each a Marketing category for the Twitter template has been created and as an administrator under Access Control->Users I can select each user and set credentials for them.
This is great for sharing a single account, such as twitter where you want to share the account amongst team members but not share credentials.
You are required to set credentials as part of this step, when the resource is assigned no user can see these values.
This is perfect for when each assigned user as their own credentials for the application.
As part of using this you are required to define a category which will hold all the required credentials. This category is then visible from the user's profile.
For each user when the resource is launched the system will use the user's defined credentials/attributes.
Step 4. Assigning Resource
The last step in creating the resource is to assign the new resource to one or more Roles.
In the above image I have a Marketing role with a number of my AD users assigned to this role. Assigning the twitter resource to this role means every user in this role now has access to this resource, you can see this from each user's My Resources page.
Step 5. Refresh Browser Plugin
The browser plugin performs the automated sign in process for the end user, any new resources added or URLs updated for existing resources require a refresh of the browser plugin. As long as the user is already logged into Hypersocket this is done automatically every minute.
The resource can also be manually refreshed, right click on the browser icon and choose Options.
From the page shown, press Refresh to update your local store.
Step 6. Launching Application
You have a number of ways in which the application can be launched, firstly, log into Hypersocket and from the user dashboard under My Resources->Browser Resources, clicking the green Launch icon will log the user into the application.
Alternatively, as long you have logged into Hypersocket previously and your login session has not expired, you can access any assigned application by directly navigating to the URL from your browser URL bar, as long .
The plugin will recognise the site and auto sign you in.
You should now be able to create, and assign SSO browser applications to your end users as well as launch these as an end user. For more information on the browser plugin refer to the article titled, 'Installing the SSO Client Plugin'.