Integrating CA Identity Manager and CA Single Sign On is a complex process with many manual steps and processes that can be tricky to implement and maintain. Before deciding on this particular configuration, analyze your business requirements and see if this integration is truly necessary.
What functionality is gained by integrating CA Identity Manager and CA Single Sign On?
CA Identity Manager 14.x
CA Single Sign On 12.x
If all you want or need is for SSO to protect the CA Identity Manager resources, you can loosely integrate the two products by turning off IM's FrameworkAuthScheme and protecting the /iam/IM* resources as you would any other URL resource in SSO. You can see more details on this here:
By doing this, you lose the following functionality:
| Functionality | Documentation |
|---|---|
| Auth/Az mapping for login | https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/configure-an-environment-to-use-different-directories-for-authentication-and-authorization/ |
| Access Roles in SMPS | https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/access-roles |
| Password Policies that leverage SSO's password features | https://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/ca-identity-manager-and-ca-siteminder-integration-password-criteria |
| Using Identity Manager’s password services page for resources protected by a SiteMinder domain that is linked to an IME | https://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/password-policies-overview |
| Collect User Credentials Using an SSO Custom Authentication Scheme (certificate based auth, RSA, multiple factor (AA based), etc.) | https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/collect-user-credentials-using-a-custom-authentication-scheme |