What is the SSO agent?

The SSO Agent is responsible for the automatic entry of login data in applications. This enables logins without knowledge of the password, which can be a particularly valuable tool in combination with password masking. The authorization concept is used to define which users should receive access. However, the password remains hidden because it is entered by Password Safe.


The SSO agent is installed together with the Password Safe client and can then be used by users (assuming they have sufficient permissions). A separate installation is thus not necessary. A desktop link is created for both the client and also for the SSO agent.

User rights

The right Can create web applications is required for creating new web applications


The functionality of the SSO agent is illustrated in the following diagram.

RDP and SSH sessions() are not automatically started via the SSO agent. Applications are created for this purpose in the Password Safe client. The creation and use of these connections is explained in detail in the corresponding section.

Automatically starting all other types of connection is the task of the SSO agent. The following types of connections exist:

  • Entering login data in Windows applications: Alongside the above-mentioned RDP and SSH sessions, other Windows applications can also be automated (). A major difference is that the two above-mentioned connections are set up and “embedded” in a separate tab. Other applications, such as e.g. VMware, are directly started as usual (more…). In these cases, the SSO agent takes over the communication between the application server and the Windows applications.
  • Entering login data on websites: Password Safe can automate the login process on websites. This means that the desired login is configured once via the add-on and can be efficiently used in future (in the same way that favourites are used). The SSO agent acts as an interface () here between the applications server and the available browser add-on (Google Chrome, Internet Explorer and Mozilla Firefox).


As the SSO agent is directly connected to the application server, login data can also be entered without the main client. Exceptions are the RDP and SSH connections. These are forced to remain part of the client. The SSO agent thus acts as a lean alternative for the use of the client with the two limitations mentioned. Naturally, all of the steps completed are still entered in the logbook and are always traceable.

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.