I’ve been working with SharePoint SSO and learning as I go. One way in which this works is that you tell SharePoint about external applications. Users log into that application via some SharePoint function (e.g. iView web part). The first time the user performs this action, it prompts them for the correct user id and password to use for that system. It’s setting up a mapping between your SharePoint credentials and your credentials for that backend system. Thereafter, the user won’t have to enter their ID when they hit up that system.
That part worked well for me. However, it begs the question, “how does the user change that user id or password?” The user might have made a mistake, or maybe you’re doing some testing in a dev environment and need to quickly switch between accounts.
I don’t know the answer to that, but I do know that you can go into Central Administration and manage the user’s credentials:
Central Administration –> Operations –> Manage Single Sign-On –> Manage Account Information for an Enterprise Application Definition
From there, you can specify the external application (e.g. SAP) and the account you want to delete. You can also change the mapping.
If you know how to allow end users to directly change their credentials, kindly post a comment 🙂
Follow me on Twitter at http://www.twitter.com/pagalvin