The Assisted Sign-On (ASO) component is an easy-to-use innovation that provides a way to automate the sign-on processes of solution applications. ASO works with adapters within a solution regardless of cross-referencing or project-to-project reference of the adapter project.
Using Assisted Sign-On:
- You can enter and maintain user ID and password information in a credentials window when Pega Robot Runtime™ launches.
- You can enter unpersisted or changed information before you proceed, or you can choose persisted information. You can also reopen the Enter Credentials window by using an automation for credential modifications; the window can show all credentials for all applications or the credentials of one application at a time.
- You can enable automatic login when individual applications present their login screen, automatically populating the user ID and password fields and automatically clicking the login button, to eliminate the need to create an automation that performs the task.
You can choose to implement Assisted Sign-On by configuring the Assisted Sign-on property in the adapter properties.
Pega Robot Studio™ uses the Data Protection Application Programming Interface (DPAPI) to encrypt the application credentials. DPAPI encrypts data using a private key derived from the Windows identity of the user. Only the same Windows user can decrypt the data. Credentials are stored locally on the machine in an encrypted file with the file name ASO.db, which is located under the user application data roaming directory by default. Credentials are encrypted in memory by using a randomly generated entropy that is valid only for the current Pega Robot Runtime session.
The Assisted Sign-On component persists the following strings:
- Application Name
Optional: You can store the password if you set the StorePassword option in the AssistedSignOn section in the RuntimeConfig.xml file to True. The default is False.
Implementing Assisted Sign-On
To implement Assisted Sign-On, you must configure an adapter and interrogate the appropriate user ID and password fields along with the login button. Use the Credential Collection Editor to set up Assisted Sign-On.
You can also group identical ID and password combinations for situations where the same sign-on information applies to multiple applications. The Assisted Sign-On component can also help you handle situations where a user has multiple logins for a single application, such as credentials for a web application.
The Credential Collection Editor window is displayed when you click the ellipsis (...) icon on the Properties window.
To configure the Assisted Sign-On feature, first click the Add button to create a reference of which credentials to configure for the adapter. The properties of the Credential Collector are divided into the following categories: Behavior, Controls, Optional, and Required.
True, for the system to automatically add the login information, when the login dialog is created.
False if you do not want this information automatically filled in.
|FailedLoginRematchAttempts||Number of failed login attempts allowed. The default is three (3).|
The maximum amount of time (in milliseconds) for which a control rematch would be considered a failed login attempt and not a separate, additional login attempt. The default (recommended) is 5000, or 5 seconds.
This property is used to prevent an infinite loop when a page rematches after a failed login attempt.
If the FailedLoginRematchDetectTime threshold is too low and invalid credentials are supplied, causing the controls to rematch; the credentials are automatically used again. This action leads to an infinite loop of login attempts. This may also result in the lockout of the enterprise application user.
In some cases, information is required in addition to the user ID and password, such as a domain name, a Personal Identification Number (PIN), a region, and so on. Web applications typically use this additional information. To allow the additional information, enter True. The default is False.
Note: You must handle the processing of the Domain information in your automation.
|LoginControl||Select the control used to send or process the sign-on information, such as a Sign In or Log In button.|
|PasswordControl||Select the control used for the password.|
|UserNameControl||Select the control used for the user ID.|
Enter a value in this property to display a drop-down list and filter applications on the Assisted Sign-On Login window
This property is used to identify the particular sign-in as part of a group.
For instance, if you use the same user ID and password for multiple applications, you could assign all of those applications to a group, which you would identify here. This way, you only have to set up the username and password once on the Enter Credentials window for all of the applications you assign to that group. The property is case sensitive.
|ApplicationKey||Enter application key. This field helps to uniquely identify the application. The system will default to the name you assigned to the adapter, and it is case sensitive. The application key will be seen by the end user on the Enter Credentials window. Include spaces if necessary to make your entry easier to read.|
You can use settings in the RuntimeConfig.xml file to determine whether the Credential dialog is displayed each time Runtime starts, whether the credentials are stored locally on the workstation, and determine the location of the stored credentials file (ASO.db).
|ShowDialogOnStart||With a value of True, the Assisted Sign-On Credential dialog launches automatically when Pega Robot Runtime starts. The default value is True.|
|StorePassword||When set to True, the password saves to the local disk of the user after saving the credentials on the Assisted Sign-On Credential dialog.|
|FileLocation||Enter the path location to store the ASO.db file.|
The ASOManager component provides the developer with the ability to access, check, or update any ASO-configured adapter within an automation. Depending on the project requirements and the nature of the application, using the ASO Manager component provides seamless integration with the end users by removing the accountability of the end users to launch and access solution applications.
ASO utilizes a toolbox component called ASOManager, which provides different properties, events, and methods. The ASOManager helps to automate any necessary processes or tasks related to the end user signing on when the ASO is implemented.
Consider if an application shuts down for an unexpected error. The developer may need to utilize the ASOManager functionality when automating the restarting of the application.
Using the Enter Credentials window
After setting up Assisted Sign-On, the system displays the Enter Credentials window when it needs credential information from the user, such as a username or password. The following image is an example of the window appearance.
For each listed application, enter the appropriate username and password. You can click on the application to move to that application. When finished, click OK.
If you enter invalid credentials, you receive a notification and are asked to resubmit your credentials.