Auto Logon for Web Apps

One-click Log in to Web Applications

You can setup PMP to auto-fill the login page of web applications with appropriate username/password information, to allow users to login to those apps with just a few clicks, instead of manually entering the information. This is achieved by the users installing the PMP bookmarklet in their browsers.

What is a bookmarklet?

Every browser allows users to create bookmarks for URLs. A browser bookmark typically contains a static URL and clicking the bookmark opens the URL. A bookmarklet is similar to a browser bookmark, but additionally it contains a piece of unobtrusive script. Clicking on the bookmarklet not only opens the URL, but executes the script which can be used to perform a few tasks on the opened URL. A bookmarklet is a secure mechanism to bring dynamism to browser bookmarks.

How does PMP use bookmarklet for auto logon?

As a requisite step, the PMP user must install the PMP bookmarklet in his/her browser's bookmarks bar. To use auto logon, the user clicks the right resource-name/account-name pair and then the PMP bookmarklet in the bookmarks bar. This bookmarklet first opens the URL of the web app and then executes a script that accesses the PMP web server, retrieves the username/password for the requested web app, populates the fields in the login page of the web app and finally submits the page for authentication. The script works only when the user is logged into PMP and is on the right login page of the application.

How to use the PMP bookmarklet for auto login?

One-time setup

  • Navigate to Home >> Auto Logon tab in the web-interface
  • Click "Web App Passwords"
  • Drag this button bookmarklet-button to the bookmarks bar to install it. This is a one time action required for every browser you use to access PMP.

One-click Auto Login

  • This can be initiated either from "Auto Logon" tab or "My Passwords" tab in PMP Home
  • Locate the right resource-name/account-name that you want to login to
  • Invoke the 'Open URL' against the appropriate credential. This will open the URL in a new browser window or tab
  • Now click the PMP bookmarklet in the browser's bookmarks bar
    If you have permission to access more than one credential for this URL, the choices will be shown as a pick list. Choose one
    This will populate and submit the login information and if the authentication is successful, you will be allowed access to the web app

Security Tip

When using public or shared computer to access PMP and subsequently bookmarklet based auto logon, make sure to remove the PMP bookmarklet from the bookmarks bar after you are done using PMP. Though the bookmarklet does not work when there is no valid PMP session in the browser, the script may be used to obtain information about PMP server's DNS name etc., which can be avoided. The bookmarklet can be installed/removed easily as required.

High Availability Scenario

If you have configured High Availability, in the event of failover, when you connect to the PMP secondary server, the bookmarklet installed for the Primary server will not work for the secondary. You need to install bookmarklet for secondary separately.

©2014, ZOHO Corp. All Rights Reserved.