Set up SSO authentication

This section provides details on how to set up SSO authentication for connecting to ALM.

SSO authentication overview

Single sign-on (SSO) is an authentication process that allows users to access multiple applications using a single username and password. With the SSO solution, you no longer need to enter your username and password repeatedly when switching between applications.


Back to top

How ALM supports SSO

ALM supports SSO through SAML 2.0 and acts as a service provider (SP) for SSO. Alternatively, it supports SSO through OpenID Connect (OIDC) and acts as a relying party (RP). To let ALM act as an identity provider (IdP), you must implement a federation service with the federation protocol of SAML 2.0 or OIDC.

The ALM SSO solution works as follows:

  1. A user logs in to an application that can serve as an identity provider (IdP).
  2. The user requests access to an ALM resource.
  3. ALM sends an authentication request to the IdP to obtain the user information. With the user information, ALM attempts to locate an ALM user matching the IdP user and decides whether or not to grant the user access to the ALM resource.

    Consider the following scenarios:

    Scenario Details
    A matching user exists in ALM ALM checks the IdP user by Identity Key and IdP ID. If both of these are located to one ALM user, the IdP user is authorized.
    No matching user exists in ALM

    The user is not authorized and cannot log in.

    If auto user-provisioning is enabled, ALM runs the auto user provisioning process to create or find a matching user in ALM. For details, see Auto user provisioning .

Back to top

SSO Configuration wizard

The SSO Configuration wizard enables you to set up SSO authentication by following step-by-step on-screen guidance.

To open the SSO Configuration wizard, from Site Administration, click Tools > SSO Configuration.

Note: The SSO Configuration wizard does not support the Internet Explorer browser.

The SSO configuration process involves the following steps:

  1. Preparation

  2. Configure service provider

  3. Configure identity provider

  4. Set up your profile

  5. Validate identity provider and enable SSO

Back to top