Administration Guide › CMS Administration › Enable Single Sign-on

Enable Single Sign-on

If required, you can configure CA DLP so that users skip the logon dialog when they start up a CA DLP console.

Instead of the user supplying credentials to access the console, CA DLP relies on the fact that the user has successfully logged into Windows as sufficient authorization to allow them to log on to the CA DLP account of the same name. In all other respects, the authentication process is identical to using a logon dialog.

To configure CA DLP to use single sign-on

1. Edit the CMS machine policy.
2. In the Central Management Server policy folder, set Allow Single Sign-on? to True.

   Note: Be aware of the following:

   • The administrative privilege 'Admin: Use single sign-on' allows a user to log on with single sign-on, even if single sign-on is disabled on the CMS.
   • This functionality requires that users wanting to run consoles have CA DLP account names prefixed with their domain, for example, UNIPRAXIS\lyndasteel.