When should Identity Manager and Single Sign On be tightly integrated?

Article ID: 108069


Products

CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Risk Analytics
CA Secure Cloud SaaS - Arcot A-OK (WebFort)
CLOUDMINDER ADVANCED AUTHENTICATION
CA Secure Cloud SaaS - Advanced Authentication
CA Secure Cloud SaaS - Identity Management
CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Integrating CA Identity Manager and CA Single Sign On is a complex process with many manual steps that can be tricky to implement and maintain. Before deciding on this configuration, analyze your business requirements to determine whether the integration is truly necessary.

What functionality is gained by integrating CA Identity Manager and CA Single Sign On?

Environment

CA Identity Manager 14.x
CA Single Sign On 12.x

Resolution

If all you need is for SSO to protect the CA Identity Manager resources, you can loosely integrate the two products: turn off IM's FrameworkAuthScheme and protect the /iam/IM* resources as you would any other URL resource in SSO.

By doing this, you lose the following functionality:

Auth/Az mapping for login: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/configuring/ca-single-sign-on-integration/ca-sso-operations/configure-an-environment-to-use-different-directories-for-authentication-and-authorization.html

Access Roles in SMPS: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/administrating/access-roles.html

Password Policies that leverage SSO's password features: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/user-console-help/password-policies/ca-identity-manager-and-ca-siteminder-integration-password-criteria.html

Using Identity Manager's password services page for resources protected by a SiteMinder domain that is linked to an IME: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/user-console-help/password-policies/password-policies-overview.html

Collect User Credentials Using an SSO Custom Authentication Scheme (certificate-based auth, RSA, multi-factor (AA based), etc.): https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/configuring/ca-single-sign-on-integration/ca-sso-operations/collect-user-credentials-using-a-custom-authentication-scheme.html