When should Identity Manager and Single Sign On be tightly integrated?

book

Article ID: 108069

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Integrating CA Identity Manager and CA Single Sign On is a complex process with many manual steps and processes that can be tricky to implement and maintain. Before deciding on this particular configuration, analyze your business requirements and see if this integration is truly necessary.

What functionality is gained by integrating CA Identity Manager and CA Single Sign On?

Environment

CA Identity Manager 14.x
CA Single Sign On 12.x

Resolution

If all you want/need is for SSO to protect the CA Identity Manager resources, you can choose to loosely integrate the two products, by turning off IM's FrameworkAuthScheme and protecting the /iam/IM* resources as you would any other URL resource in SSO. You can see more details on this here:

https://communities.ca.com/thread/99851321

By doing this you lose these functionalities:
 
Auth/Az mapping for login: https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/configure-an-environment-to-use-different-directories-for-authentication-and-authorization/
 
Access Roles in SMPS:https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/access-roles
Password Policies that leverage SSO's password featureshttps://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/ca-identity-manager-and-ca-siteminder-integration-password-criteria
 
Using Identity Manager’s password services page for resources protected by SiteMinder domain that is linked to an IMEhttps://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/password-policies-overview
Collect User Credentials Using an SSO Custom Authentication Scheme (certificate based auth, RSA, multiple factor (AA based), etc.)
 
https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/collect-user-credentials-using-a-custom-authentication-scheme