4.13.2 How to Disable the SnapApp Extension for Specific URLs in 4.13.2

How to Disable the SnapApp Extension for Specific URLs in 4.13.2

To disable the SnapApp extension to ignore a specific webpage (e.g., password reset, forgot password, etc.), we have to add a DisablePageSSO registry setting. Follow these steps to cause SnapApp to ignore a specific webpage:

1. On a client system with XA Client installed, open the registry editor and navigate to this path:
   1. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\eXactACCESS\SnapAPP Settings
2. Create a new key under SnapApp Settings and set its name to DisablePageSSO.
3. Next, under DisablePageSSO, create a new key with the name of the domain of the relevant site.
   Note: Ensure you only use the domain name without any www, HTTP, or https.
4. For the domain name key, add the specific URLs as string values in the right panel as shown below.
   Note: URLs added here should NOT contain the dynamic part, like any query string value or any parameter for username or ID.
5. SnapApp will check for the DisablePageSSO setting in the registry and then will check for the domains. If the domain of the current URL exists in this list, then SnapApp will check for the blocked URLs for that specific domain and will exclude those URLs from its default behavior, meaning it will not fetch and set credentials for that URL.
6. This process uses Wild Card Pattern Matching to match the current URL with the partial URLs specified here.

Example

In this example, we have a domain cloud.tenable.com on which we want to disable the SnapApp extension for some pages/URLs.

We have two URLs: a Login Page URL and a Forgot/Reset Password Page URL.

• Login Page URL: https://cloud.tenable.com/tio/app.html#/login
• Forgot/Reset Password Page: https://cloud.tenable.com/tio/app.html#/login/password-reset/e3894099254792fb83f4f354bcd1354687335e8b1df0918
• Note: There is a dynamic part after the word "password-reset" on this URL. This could be anything like a user ID, category info, or a GUID. We have to exclude that part of the URL when adding it to the DisablePageSSO setting in the registry.

Case 1: When a user enters the login page URL, it will not match the existing URL in the registry. So SnapApp will work as usual.

Case 2: When a user enters the password reset page URL, it will match with the existing URL in the registry with the help of the Wild Card Pattern Matching process. We check the registry URL with an asterisk (*-the wildcard used in matching) included at the end of the URL that the user has entered. In this case, the user's URL will match with the existing one, and SnapApp will be disabled for that page and will not fetch & set credentials there.

Note: The disablePageSSO setting is an advanced setting for SnapApp and will not be in the registry by default. If we want this feature, we have to add this setting under SnapAPP Settings in the registry.