Configuring › How to Enable External Authentication of Users

How to Enable External Authentication of Users

By default, CA Service Catalog uses CA EEM to authenticate users. However, you can optionally configure CA Service Catalog to authenticate users with external applications such as CA SiteMinder, IBM Tivoli, and others. The process consists of the following tasks:

1. Install and implement the external authentication application, according to its documentation.

   Note: If you are using CA SiteMinder as your external authentication application, see the Integration Guide for instructions to integrate CA Service Catalog and CA SiteMinder.

2. For reference, review the following examples to see how these applications typically send user authentication to CA Service Catalog. If applicable, adjust your settings to match these examples.
   • CA SiteMinder sends user identity information (authenticated user) with sm-user artifact name in the request header
   • IBM Tivoli sends user identity information with iv_user artifact name in the request header
   • Microsoft Internet Information Server (IIS) sends user identity information with request when configured for Windows NTLM
   • Apache sends user identity information with request when configured for Windows NTLM
   • For other external authentication applications, see their documentation
3. Test the configuration on both CA Service Catalog and the external authentication application.
4. Verify that CA Service Catalog successfully receives and processes the authenticated users that the external authentication application passes. If necessary, adjust the parameters on both systems as needed.
5. Optionally configure single sign-on for the authentication method that you are using:
   • Windows NTLM authentication
   • External authentication