Single Sign-On Service › SSO Getting Started Guide › SSO Using Advanced Authentication and Provisioning for a Sensitive Application › Configure an IdP to SP Partnership

Configure an IdP to SP Partnership

This scenario explains how to enable SSO to a sensitive software application owned by a partner, such as Salesforce.com. The application requires strong authentication due to confidential nature of the information. Also, you want to provision this user for the application after single sign-on is successful.

Set up an IdP-to-SP partnership between CA CloudMinder (IdP) and the business partner (SP) to enable this deployment.

In these instructions, the following information regarding SSO applies:

• The business partner is the Service Provider (SP).
• CA CloudMinder is the Identity Provider (IdP).
• The internal cloud user store is in use.
• SAML 2.0 is the federation profile in use.
• Identity Management provisions the user.

The following figure shows the configuration tasks required for IdP-to-SP partnership:

The following procedures explain how to set up the IdP-to-SP partnership:

1. Import keys and certificates into the certificate data store.
2. Create the IdP and SP entities.
3. Establish a user directory connection.
4. Configure the IdP-to-SP partnership.
5. Activate the partnership.