Set up SSO authentication
This section provides details on how to set up SSO authentication for connecting to ALM.
SSO authentication overview
Single sign-on (SSO) is an authentication process that allows users to access multiple applications using a single username and password. With the SSO solution, you no longer need to enter your username and password repeatedly when switching between applications.
Note:
-
Due to the security control of your browser, you may experience issues logging in to an SSO environment. To avoid these issues, OpenText recommends that you enable TLS connections. For details about enabling TLS connections, see the installation guide.
-
For CAC (Common Access Card) and SiteMinder authentication, see the ALM External Authentication Configuration Guide.
-
If you upgrade ALM to 24.1 from an earlier version with SSO enabled, ensure SSO still works by re-deploying the SSO components after the upgrade. For details, see Components preparation.
How ALM supports SSO
ALM supports SSO through SAML 2.0 and acts as a service provider (SP) for SSO. Alternatively, it supports SSO through OpenID Connect (OIDC) and acts as a relying party (RP). To let ALM act as an identity provider (IdP), you must implement a federation service with the federation protocol of SAML 2.0 or OIDC.
The ALM SSO solution works as follows:
- A user logs in to an application that can serve as an identity provider (IdP).
- The user requests access to an ALM resource.
-
ALM sends an authentication request to the IdP to obtain the user information. With the user information, ALM attempts to locate an ALM user matching the IdP user and decides whether or not to grant the user access to the ALM resource.
Consider the following scenarios:
Scenario Details A matching user exists in ALM ALM checks the IdP user by Identity Key and IdP ID. If both of these are located to one ALM user, the IdP user is authorized. No matching user exists in ALM The user is not authorized and cannot log in.
If auto user-provisioning is enabled, ALM runs the auto user provisioning process to create or find a matching user in ALM. For details, see Auto user provisioning .
SSO Configuration wizard
The SSO Configuration wizard enables you to set up SSO authentication by following step-by-step on-screen guidance.
To open the SSO Configuration wizard, from Site Administration, click Tools > SSO Configuration.
Note: The SSO Configuration wizard does not support the Internet Explorer browser.
The SSO configuration process involves the following steps: