USO leverages the AccessMatrix security infrastructure for administration, authentication, authorization and audit services. The following AccessMatrix components are required to support the USO operation:
- Policy Manager (PM) and Policy Editor (PE) - They are used for:
  - Policy Management
  - Application Management
  - User Management
- Access Manager (AM) and Application Security Agent (ASA) - They are used for primary sign-on and for retrieving target application information for secondary sign-on.
- Service Manager (SM) - SM is used to configure and start/stop AM and PM.
There are three USO-specific components: USO Trainer, USO Client and USO Agent.
USO Trainer
- Used to learn the login & password change sequence of each target application.
- Records the attributes about screen identification and field mappings so that the appropriate login information will be automatically passed to the application during run time.
- Includes the default application level security policy for login behavior and password change.
- Provides a testing option to test the login and password change sequence captured by the trainer.
- Can export the information learnt by the trainer to an application definition file (ADF).
Administrators can then use PE to import the application information into the AccessMatrix security server. Administrators can change or set the application level security policy if necessary using PE.
USO Client
- Resides on the client desktop and communicates with the USO Agent to get the application login information.
- Installed automatically with no manual desktop installation required.
- Monitors the desktop environment and examines program execution and screen flows. If it finds a match based on the pre-defined information, it will pass in the login information to the screen input fields of the target applications.
- Uses a 3DES key stored in a PTD (Personal Trust Device), such as a SmartCard, to decrypt the information stored in the PSE (Personal Secure Environment), such as the login user ID and password.
USO Agent
- One of the server components residing on the web server. It serves as a gateway between the USO client agent and the AccessMatrix security server in the online SSO mode.
- Maintains secure connections to the AccessMatrix security server via ASA.
- Users primarily sign on to the AccessMatrix security server by accessing the USO login page. The USO Agent then retrieves the list of applications that the logged-in user is allowed to access and passes it to the USO Client.