When should Identity Manager and Single Sign On be tightly integrated?

Article ID: 108069


Products

CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Risk Analytics
CA Secure Cloud SaaS - Arcot A-OK (WebFort)
CLOUDMINDER ADVANCED AUTHENTICATION
CA Secure Cloud SaaS - Advanced Authentication
CA Secure Cloud SaaS - Identity Management
CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Integrating CA Identity Manager and CA Single Sign On is a complex process with many manual steps that can be tricky to implement and maintain. Before deciding on this configuration, analyze your business requirements to determine whether the integration is truly necessary.

What functionality is gained by integrating CA Identity Manager and CA Single Sign On?

Environment

CA Identity Manager 14.x
CA Single Sign On 12.x

Resolution

If all you need is for SSO to protect the CA Identity Manager resources, you can loosely integrate the two products by turning off IM's FrameworkAuthScheme and protecting the /iam/IM* resources as you would any other URL resource in SSO. More details are available here:

https://communities.ca.com/thread/99851321

By doing this you lose the following functionality:

Auth/Az mapping for login: https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/configure-an-environment-to-use-different-directories-for-authentication-and-authorization/

Access Roles in SMPS: https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/access-roles

Password Policies that leverage SSO's password features: https://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/ca-identity-manager-and-ca-siteminder-integration-password-criteria

Using Identity Manager's password services page for resources protected by a SiteMinder domain that is linked to an IME: https://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/password-policies-overview

Collect User Credentials Using an SSO Custom Authentication Scheme (certificate-based auth, RSA, multiple factor (AA based), etc.): https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/collect-user-credentials-using-a-custom-authentication-scheme