When should Identity Manager and Single Sign On be tightly integrated?