Validate identity provider and enable SSO

Prerequisite: Set up your profile

This section describes how to enable SSO.

Validate an IdP

To enable SSO, you first validate the alm IdP.

You validate an IdP to verify the IdP configuration and the communication between ALM SP and the IdP.

Note: If you enable local authentication and select Local Authentication as the authentication method, you can enable SSO directly without validating the IdP.

Prerequisites

Ensure the following before you validate an IdP.

  • At least one ALM site admin user is already mapped to an IdP user.
  • The ALM and IdP URLs are added to the IE trusted URLs.

Validate an IdP using the wizard

You can validate an IdP using the SSO Configuration Wizard. It is applicable to non-SaaS environments only. For SaaS environments, see Send validation URL to IdP users for validation.

To validate an IdP using the wizard:

  1. In the Enable SSO step, from the Identity Provider field, select the IdP you want to validate.
  2. At the bottom of the step, click Validate.
  3. In your IdP login page, enter your IdP username and password.

  4. In the Validation Status field, check the validation status:

    Status Description
    Pending Validation The initial status of SSO validation.
    Validation Success The validation passes.
    Validation Failure The validation fails. Failure details are displayed below the Validation Status field.

Send validation URL to IdP users for validation

You can copy the validation URL and send it to IdP users for remote validation.

Note: In SaaS environments, you can only send the validation URL to IdP users for SSO validation.

  1. In the Enable SSO step, from the Identity Provider field, select the IdP you want to validate.
  2. At the bottom of the step, click Copy Validation URL.
  3. In the Copy Validation URL dialog box, click Copy and send the link to IdP users.

    When the IdP users open the link, they are redirected to the IdP login page. After entering the IdP username and password, they are redirected to a page that tells whether or not the validation succeed, and if not, what the reasons are.

    If email notification is enabled, the specified site admin users can receive email about who accessed the SSO validation URL. For details, see Send Notification.

Back to top

Enable SSO

After the alm IdP is validated successfully, you can enable SSO.

To enable SSO, in the bottom right corner of this step, click Enable SSO.

After you enable SSO:

  • You cannot disable it.

  • The Enable SSO step is renamed to SSO Validate, and the Enable SSO button disappears.

  • You can add additional IdPs.

Back to top

FAQ

Back to top