

SSO using a Third-party IdP and Self-registration

Consumers can access an application using credentials from an account with a third-party site. The third-party site acts as an external Identity Provider (IdP) relative to CA CloudMinder.

In this scenario, a user accesses a protected resource. The user is shown a page that displays a choice of third-party sites. From the list, the user chooses the third party where they have an account. After successful authentication, the third party returns the user to the cloud system.

At the cloud system, CA CloudMinder can redirect the user to a self-registration page. The page enables the user to register and establish a user record in the cloud system user directory. After successful registration, CA CloudMinder redirects the user to the requested application.

In this scenario, the following information applies:

The configuration tasks are shown in the following figure:

Graphic showing tasks for SSO with External IdP and Self-registration

The following procedures describe each task in detail:

  1. Create federated partnerships.
  2. Configure and apply an authentication scheme.
  3. Create the authentication method.
  4. Create an application and enable self-registration.