See this page, which covers setting up SSL for both xFlow and Jasper/Insights:
https://docops.ca.com/ca-service-management/17-1/en/administering/enable-ssl-authentication-for-ca-service-management-solution/enable-secure-socket-layer-for-xflow-interface#EnableSecureSocketLayerforxFlowInterface-ConfigureSSOforaService At page end it has settings for Single-Sign On, which reads as applying to everything on the page before it.
-----------------------------------------------------
Configure SSO for a Service
Perform the following steps to configure Single-Sign On (SSO) for a service:
Specify authenticationtype= SSO within the application.conf file.
Specify SSOArtifactType = HEADER.
The SSOArtifactType can take any one of these values (COOKIE, HEADER, PARAMETER, REQUEST)
Specify SSOArtifactName= sm_user.
Users should be present in CA SDM with access policy set to Allow external authentication.
If a user is not present in CA SDM, Error 401 (unauthorized error) is shown.
-----------------------------------------------------
The only other thing is that it does look like SAML is referenced quite a lot in the documentation, so unless there is a good reason to avoid it, it may be worth considering - at least for later.