Administration Guide › CMS Administration › Enable Single Sign-on

Enable Single Sign-on

If required, you can configure CA Data Protection so that users skip the logon dialog when they start up a CA Data Protection console.

Instead of the user supplying credentials to access the console, CA Data Protection relies on the fact that the user has successfully logged into Windows as sufficient authorization to allow them to log on to the CA Data Protection account of the same name. In all other respects, the authentication process is identical to using a logon dialog.

To configure CA Data Protection to use single sign-on

1. Edit the CMS machine policy.
2. In the Central Management Server policy folder, set Allow Single Sign-on? to True.

   Note: Be aware of the following:

   • The administrative privilege 'Admin: Use single sign-on' allows a user to log on with single sign-on, even if single sign-on is disabled on the CMS.
   • This functionality requires that users wanting to run consoles have CA Data Protection account names prefixed with their domain, for example, UNIPRAXIS\lyndasteel.