When an unauthenticated user attempts to access a protected resource, the user is redirected to the DualShield SSO logon pages.
The logon procedure for a protected resource is configured in the DualShield Management Console. You can create a logon procedure that consists of one or more logon steps. In each logon step, you can specify the authenticators that users can use to authenticate themselves.
For instance, an OWA logon procedure typically consists of two steps:
1. DualShield SSO asks the user to verify their identity with a second factor, e.g. a One-Time Password or any other authentication method that DualShield supports.
2. Once DualShield SSO has successfully verified the user, it redirects the user to the OWA logon page, where the user must authenticate with their AD password.
When the DualShield SSO redirects the user to the OWA’s logon page, it also passes the user’s login name and automatically disables the login name entry in the OWA’s logon page. The user does not need to enter their login name again and cannot change the login name. Furthermore, the DualShield SSO will check the login name submitted in the OWA’s logon page and make sure that the login name has not been altered by any means.
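The server-side comparison described above is what enforces the binding, since a disabled form field is only a browser-side convenience. The following sketch of such a check is an added illustration, not DualShield's own code: the token format, the function names `issue_binding` and `check_submission`, the key, the five-minute lifetime and the case-insensitive comparison are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # constructed value; real keys come from a secret store
TTL_SECONDS = 300                 # assumed lifetime of a completed second-factor step


def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()


def issue_binding(login_name, now=None):
    """After the second factor is verified, bind the login name into a signed token."""
    issued = int(now if now is not None else time.time())
    body = json.dumps({"u": login_name, "t": issued}, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()


def check_submission(token, submitted_name, now=None):
    """When the password form is posted, accept only the login name that was bound."""
    try:
        b64, sig = token.split(".", 1)
        body = base64.urlsafe_b64decode(b64.encode())
    except ValueError:  # malformed token or bad base64
        return False
    # Verify the signature before trusting anything inside the token.
    if not hmac.compare_digest(_sign(body), sig.encode()):
        return False
    claims = json.loads(body)
    current = now if now is not None else time.time()
    if not 0 <= current - claims["t"] <= TTL_SECONDS:
        return False  # second-factor step is too old (or dated in the future)
    # Assumption: login names compare case-insensitively, as AD account names do.
    return hmac.compare_digest(claims["u"].casefold().encode(),
                               submitted_name.casefold().encode())


if __name__ == "__main__":
    tok = issue_binding("alice")
    print(check_submission(tok, "alice"))  # unchanged login name
    print(check_submission(tok, "bob"))    # login name altered after step 1
```
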