Preparation

Consider the following before starting the SSO configuration tasks:

Item	Description
Site administration privilege	You should have the ALM site administration privilege to access the SSO Configuration Tool.
IdP	An identity provider (IdP) is available to register ALM as its service provider (SP).
Certificate	You have already obtained a certificate (or a keystore file to store the certificate) that is used for ALM to sign SAML2 and OAuth tokens. The keystore file is uploaded during the SSO configuration process.
HTTPs	The HTTPs communication between the IdP and the ALM server (the proxy or load balancer, if any) is enabled and works.
Certificates	Prepare the following certificates: IdP SSL certificate ALM SAML certificate SSL certificate of the proxy or load balancer that is set up for the ALM server
System time	If ALM is deployed in a cluster environment, make sure the system time on all ALM nodes and on IdP servers is synchronized as closely as possible. The systems on these servers can be configured to use a network time synchronization protocol such as the Network Time Protocol (NTP). If the time on any ALM node is different from the time on the IdP server, the authentication fails.
Node running in load balancer	If ALM is deployed in a cluster environment, make sure only one node is running in the load balancer.

FAQ

Q： We get confused with the IdP certificate, SAML certificate, and HTTPS certificate etc. What certificates are required in ALM SSO configuration and what certificates are used when ALM communicates with IdPs?

Next steps:

Configure service provider

Send Help Center Feedback

Let us know how we can improve your Help Center experience.

Send your email to: docteam@microfocus.com