|
|
|
If single sign-on (or ‘SSO’) is enabled for the parent CMS of the application server, users skip the logon dialog when they start up the iConsole. Instead of the user supplying credentials to access the console, CA DLP relies on the fact that the user has successfully logged into Windows as sufficient authorization to allow them to log on to the CA DLP account of the same name.
(To log on using a different account, a user must first log out of the iConsole, then log back on from the Logon screen.)
To configure CA DLP to use single sign-on, you must edit the CMS machine policy. You can also grant the administrate privilege Admin: Use single sign-on to individual users (this overrides the CMS policy). Note that account names for CA DLP users must be the same as their native Windows user name (sometimes referred to as the user logon name). That is, an account name prefixed with the user’s domain, for example, unipraxis\lsteel.
For full details, see the Administration console online help; search the index for ‘single sign-on’.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |