Setting the Logon policy

When you set up a Framework, Web Access, or BridgeIT application using Configuration Center, you can specify the Logon policy you want to use. For information about choosing the most appropriate logon policy, see Choosing the logon policy. The options are:

You need to use a Framework application that has the Logon policy set to Explicit only whenever you upgrade the database. For more information about upgrading your database, see Upgrading the Ivanti database.

When you select Token only as the Logon policy for an application, you need to specify the following values:
STS Issue Token Url – the URL for the STS Issue Token that you want to use (for example, https://servername/STS/IssueToken)
User Name and Password – the credentials for a Windows Administrator account for the server hosting STS.

Web Access connects directly to the database itself, so you do not need a Framework with a Logon policy that matches that of Web Access.

If you are also connecting BridgeIT to Ivanti Endpoint Manager, then you must have a Framework with the Logon policy set to Token only or Identity Server.

If your BridgeIT application has the Logon policy set to Explicit only, then users sign in using their Service Desk or Asset Manager credentials; if it is set to Token only, they sign in with their network credentials.

With the Logon policy set to Shibboleth only, secure access to Service Desk and Asset Manager becomes the responsibility of Shibboleth.

For information about configuring Shibboleth, see the documentation supplied with it and Configuring Shibboleth authentication.

For Integrated only, Token only, Shibboleth only, and Identity Server, you need to associate Service Desk and Asset Manager users with a network login using the Administration component in the Console.

For more information about user management, see User Management.

To associate a Service Desk or Asset Manager user with a network login:
  1. In the Administration component of the Console, expand the User Management tree.
  2. Expand the Users branch and select the required user.
  3. In the Actions list, click Add Network Login.
    The Network Login dialog appears.
  4. Enter the Network Login for the user (in the format domain\username), then click OK.
    The network login appears in the Network Login folder under the user.

Consider creating another Web Access and BridgeIT application in the same instance, connecting to the same database, but with the Logon policy set to Explicit only. This will enable users who do not have a network login, but who do have a Service Desk or Asset Manager account, to access your Service Desk or Asset Manager system using a different web address.