Acquire a CA Single Sign-On Server

You must acquire the CA Single Sign-On server before you can administer it with CA Identity Manager. When acquiring a CA Single Sign-On server, perform the following steps from the Endpoint Type task view:

  1. Register the server as an endpoint in CA Identity Manager.

    Use the PLS Endpoint property sheet to register a CA Single Sign-On server. During the registration process, CA Identity Manager identifies the CA Single Sign-On server you want to administer and gathers information about it.

    Note: Ping the node name from the Provisioning Server. If the ping is successful, then you know that CA Identity Manager will find the PLS node.

  2. Explore the objects that exist in the endpoint.

    After registering the server in CA Identity Manager, you can explore its contents. Use the Explore and Correlate Endpoint dialog. The Exploration process finds all accounts and groups in the SSO server. You can correlate the accounts with global users at this time or you can correlate them later.

  3. Correlate the explored accounts with global users.

    When you correlate accounts, CA Identity Manager creates or links the accounts on an endpoint with global users, as follows:

    1. CA Identity Manager attempts to match the account name with each existing global user name. If a match is found, CA Identity Manager associates the PLS account with the global user. If a match is not found, CA Identity Manager performs the next step.
    2. CA Identity Manager attempts to match the full name with each existing global user's full name. If a match is found, CA Identity Manager associates the PLS account with the global user. If a match is not found, CA Identity Manager performs the next step.
    3. If the Create Global Users as Needed button is checked, CA Identity Manager creates a new global user and then associates the PLS account with the global user. If the Create Global Users as Needed button is unchecked, CA Identity Manager performs the next step.
    4. CA Identity Manager associates the PLS account with the [default user] object.
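
The correlation order above, modeled as an added Python example (not CA Identity Manager code) that records which rule linked each account, so that full-name matches and [default user] fallbacks can be reviewed after a correlation run. Assumptions: names are compared as exact strings, a newly created global user takes the account name, and the sample accounts are constructed.

```python
from typing import NamedTuple

DEFAULT_USER = "[default user]"

class Account(NamedTuple):
    name: str
    full_name: str

def correlate(accounts, global_users, create_as_needed=False):
    """Apply the four correlation steps in order to each explored account.

    global_users maps global user name -> full name and gains entries when
    create_as_needed is set. Returns (account, global user, rule) tuples.
    Assumption: exact string comparison; the page does not say how names
    are compared.
    """
    results = []
    for acct in accounts:
        # Step 1: account name equals an existing global user name.
        if acct.name in global_users:
            results.append((acct.name, acct.name, "account-name"))
            continue
        # Step 2: account full name equals a global user's full name.
        match = next((u for u, fn in global_users.items()
                      if fn == acct.full_name), None)
        if match is not None:
            results.append((acct.name, match, "full-name"))
            continue
        # Step 3: create a global user if the option is checked.
        if create_as_needed:
            global_users[acct.name] = acct.full_name  # assumed naming
            results.append((acct.name, acct.name, "created"))
            continue
        # Step 4: fall back to the [default user] object.
        results.append((acct.name, DEFAULT_USER, "default-user"))
    return results

def needs_review(results):
    """Links made by full name or by fallback, which have no name-level proof."""
    return [r for r in results if r[2] in ("full-name", "default-user")]

# Constructed sample data, not taken from any real endpoint.
SAMPLE_GLOBAL_USERS = {"jsmith": "John Smith", "mlee": "Mary Lee"}
SAMPLE_ACCOUNTS = [
    Account("jsmith", "John Smith"),
    Account("mary.lee", "Mary Lee"),
    Account("svc_backup", "Backup Service"),
]
```

Two different people can share a full name, so a "full-name" link is weaker evidence of ownership than an "account-name" link, and accounts that land on [default user] have no identified owner.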