Creating Custom Launchers in IBM Security Verify Privilege with AutoIT and Session Connector
IBM Security Verify Privilege (ISVP) provides organizations with a powerful platform for privileged access management, enabling secure, traceable, and seamless elevation of user access to critical systems and applications. One of the lesser-known but extremely useful capabilities of ISVP is the ability to create custom launchers. These launchers allow users to access third-party applications through their local machine or via a proxy mechanism, while ISVP securely injects credentials stored as secrets.
In many cases, creating a custom launcher is straightforward. If the third-party application accepts username and password parameters through command-line tools such as CLI or PowerShell, ISVP can pass these credentials directly from the vault to the application during launch. This makes integration clean and requires minimal configuration.
However, not all applications support command-line authentication. In scenarios where credentials cannot be provided via CLI, ISVP still offers a flexible workaround through an intermediate proxy system. This is where AutoIT becomes a valuable tool. By creating an executable automation script with AutoIT, it is possible to simulate keyboard input and pass credentials to the remote application automatically. ISVP then launches this script so the end user can access the target application without ever seeing or manually entering credentials.
To make this process work, it is necessary to set up an ISVP Session Connector on a Windows Server configured with the Remote Desktop Services (RDS) role. The Session Connector acts as a bridge between ISVP and the remote application, allowing the AutoIT based automation package to run on the server. After installing the Session Connector, ISVP can trigger the AutoIT executable you created, sending the necessary authentication data through its Send command. This allows the username and password stored as ISVP secrets to be supplied silently to the application.
Once the AutoIT script is complete and the Session Connector is in place, the user experience becomes seamless. End users simply click the custom launcher within ISVP. The system then triggers the proxy server, executes the AutoIT automation, sends the appropriate credentials, and virtualizes the application session. The result is a secure, proxy-based access flow that ensures credentials never reach the end user’s device while still providing frictionless usability.
This method is especially valuable for legacy or proprietary applications that lack modern authentication capabilities. By combining ISVP’s privileged credential management with AutoIT’s automation flexibility, organizations can securely onboard almost any application into their privileged access workflows. It is an elegant solution that balances security with practicality, empowering teams to expand ISVP’s reach without modifying existing applications.
If you want help creating an AutoIT script or configuring the Session Connector, feel free to ask.