Previous Topic: Choose an Authentication MethodNext Topic: Make a Software Resource Available to Users

Single Sign-On ServiceSSO Getting Started GuideSSO using a Third-party IdP and Self-registrationCreate an Application(Optional) Configure Single Sign-On

(Optional) Configure Single Sign-On

Note: The option to configure single sign-on settings only appears in the User Console if you have purchased the SSO service.

During partnership configuration for an SSO application, a hosting administrator specifies a federation attribute for the partnership. The system uses this attribute to exchange information with the target software resource during single sign-on operations. For example, when configuring an SSO partnership between CA CloudMinder and salesforce.com, a hosting administrator chooses User ID as the federation attribute. The system retrieves this attribute from the database and forwards it in a SAML assertion to salesforce.com to facilitate single sign-on.

Some target software resources require the federation attribute to have a specific format. If this format differs from the format CA CloudMinder uses for the attribute, use the following steps to set the attribute value to the required format. This process is named setting the rule string for the attribute.

Note: Only configure the rule string if the software resource requires that the attribute take a format different from the way it is stored in the CA CloudMinder database.

Follow these steps:

  1. In the Create Application screen, click Configure Single Sign On settings for the application.

    The Single Sign On configuration settings appear.

  2. Select the Federation User Attribute.

    The attribute that you choose must match the assertion attribute that is indicated in the SSO partnership configuration for this application. If the attribute names do not match, users cannot successfully access this application through SSO. To confirm the assertion attribute name that is indicated in the partnership configuration, refer to your hosting administrator. SSO partnership configuration information is available in the CSP Console.

  3. Configure the rule string for the Federation User Attribute.

    The rule string is the format that you want the attribute to take when the system passes it to the target software resource.

    Note: To learn the exact format that is required for this attribute, refer to your hosting administrator, or an administrator at the target software resource.

You have created an application and applied an authentication method. You have also configured single sign-on settings if applicable. You can now include this application in a service so that users can access the application.