HP ProtectTools Security Manager: using single sign-on

Welcome to HP's demonstration on using Single Sign On, or S-S-O, in the HP ProtectTools Security Manager. In this demo, you'll learn how to set up and use SSO to store user names and passwords.

You can use SSO to create secure storage of credentials. This can save you from keeping track of and re-entering user names and passwords, particularly when logging in to frequently accessed applications, websites or network resources.

Let's start by taking a brief tour of HP's ProtectTools Security Manager software, then we'll learn how to set up SSO. To begin, open the Start menu and select "HP ProtectTools Security Manger" from the Programs list.

When the program initially opens, it loads security providers.

With HP ProtectTools Security Manger installed on your HP business notebook, you have access to a number of security tools and features that provide a highly secure system.

In addition to SSO, HP business notebooks include a Trusted Platform Module (T-P-M) embedded security chip that lets you perform platform authentication. The TPM chip has a unique key burned in during manufacture that let's you protect against unauthorized access to your notebook before the operating system even loads.

A smart card reader is another security feature that's built in to many HP notebooks, or can be added. You can configure your computer to require insertion of a smart card before the operating system can be loaded or before logging in to Microsoft Windows. You can even use a smart card as part of a multifactor authentication process, such as requiring both a fingerprint and a smart card for log on.

A final option is to use a biometric fingerprint reader on your HP business notebook. Instead of logging in to Windows by typing a password, you would use your fingerprint. It takes just a few minutes to record your fingerprints in the reader and it's a more secure login method because it eliminates the possibility of someone guessing your password.

Now that you're more familiar with some of the security options available for controlling access to your notebook, let's take a quick tour of the HP ProtectTools Security Manager main menu, before we learn how to use the SSO.

After you expand the HP Protect Tools, you'll see two options. You can use the Backup and Restore feature to protect or recover data files.

The next main menu item is Java Card Security, which lets you use an HP ProtectTools Java Card for user authentication when powering on or while in Windows. To use Java Card Security you need a smart card reader, either embedded in your system or as an add-on option.

The next option is BIOS Configuration, where you can view and change the BIOS settings.

Under BIOS Configuration, you can click on the Security section to enhance security by enabling passwords, Smart Card Power-On support, TPM Embedded Security, Power-On Authentication and more.

The final menu choice is Credential Manager. You can register an application with SSO through Services and Applications; we'll review this last.

If you click on My Identity, you can register your credentials in Credential Manager. Use this screen to set or change your Windows password, register your fingerprints with the biometric reader, and perform other security-related tasks.

In Multifactor Authentication, you select which methods to use for user and administrator authentication. When you're in the Credentials tab, just select the Users or Administrators category from the pull-down menu, select the authentication method or combinations of methods and then click OK.

In Settings, you can fine-tune a variety of Credential Manager settings. Navigate among the tabs and use the scroll bar to find the specific options you want to change.

Now that we've done a brief overview of the other aspects of the HP ProtectTools Security Manager, let's learn how to register an application manually in Credential Manager. For this demonstration, we'll open a web browser, go to the Google Gmail login web page, and register credentials.

Let's get started by selecting Single Sign On from Services and Applications.

Click on Register New Application in the menu that appears.

A pop-up appears; this is the SSO Application Wizard. You can register a predefined application previously recognized by Security Manager, or add a new application to register.

Click to Add new SSO application…

and then click Next.

To select the type of activity to include in SSO, open the pull-down menu in the middle of the pop-up window.

In this demo, we'll select the Logon simple dialog option to add SSO credentials for a web page. This is the most commonly used application.

Now we can open a web browser and navigate to the Google Gmail login web page.

In the browser window, enter the URL in the Address text box.

Once the page loads, return to the SSO Application Wizard screen to register the application—in this case, a web page—and record your credentials.

Click and drag the icon over the login box on the Gmail web page. You'll know the box has been selected when it's highlighted with a yellow border. Once it's highlighted, you can release the mouse.

The wizard has automatically advanced and the SSO Application Wizard Application Information screen appears with the fields filled in automatically. This is the data that will be saved in Credential Manager for this website.

Click Finish before continuing.

Now we'll enter the credentials in the Gmail web page, and then we'll submit them to Credential Manager.

After you enter the username and password, open the Credential Manager SSO pull-down menu at the top of your browser window.

Select Submit Credentials from the top of the menu.

A pop-up window will appear. Select your credentials from the list in this Credential Manager Single Sign On dialog box and then click Yes.

Now the web page and associated credentials have been registered with Credential Manager. Let's close the web browser and return to the Credential Manager.

In addition to manual registration, SSO can automatically register credentials for an application or website where it detects a login process. To demonstrate this, let's re-open the web browser and then access the Symantec Norton 360 login web page.

In the address box, enter or paste the website address for the Norton 360 login web page.

Because SSO detects this as a login page, the Credential Manager SSO icon is displayed in the upper-right corner of the browser frame.

Click the SSO icon…

and the Credential Manager Single Sign On dialog box appears. Enter your credentials and then click OK.

A confirmation box appears. Click Yes to have the system remember your credentials.

Credential Manager enters your credentials automatically and will do so each time you access the same web page.

Now that some web pages are registered, let's review the process for managing applications and credentials.

Start by selecting Manage Applications & Credentials.

A pop-up window appears that lists the registered applications and websites. Notice that credentials for Google, for Gmail, and mynortonaccount, for Norton 360, appear in the list. Although the credentials are identical, the software keeps track of them separately based on the unique web pages.

To view or modify a credential's properties, select the specific application and click Properties.

Another dialog box appears. From here you can select any of the options that are appropriate for your credentials.

Once you're satisfied with your selections, click OK.

If you want to remove credentials, first select the entry and then click Remove.

A confirmation window will pop up. If you're certain you want to delete it from the Credential Manager, click Yes.

When you return to the SSO dialog box, you can see that the Google web page has been removed from the list. Click OK to return to the HP ProtectTools Security Manager.

That completes our demonstration of the HP ProtectTools Security Manager. You've learned how to use SSO, which lets you securely access websites, applications and network resources. To end this demonstration, close the web browser demo window.