Configuring Multi-Web Console Single Sign-On (SSO)
Applies To: Web Consoles and Admin Consoles in a single CommCell environment
Before you can log on to multiple Web Consoles with a single set of credentials, you must identify all of the Web Console clients that should use single sign-on and define one Web Console as the IdP. You can define the IdP at the client computer group level or at the CommServe level through a Control Panel setting.
Before You Begin
To enable Multi-Web Console SSO, add the bEnableCvAccountsSSO additional setting to the CommServe and to each Web Console client that should use single sign-on. For information on adding the additional setting, see Enabling Multi-Web Console Single Sign-On (SSO).
About This Task
If you have both Active Directory SSO and Multi-Web Console SSO configured in your CommCell environment, only Multi-Web Console SSO is attempted for your users.
Client Computer Group Level
- Create a client computer group and add the Web Console clients that should use the same IdP.
Note: Each client computer group can have only one IdP. If some Web Consoles need to use a different IdP, create another client computer group.
For information on creating a client computer group, see Creating a Client Computer Group.
- In the Create New Client Group dialog box, on the Advanced Settings tab, select Enable CvAccounts SSO Login.
- From the CvAccounts SSO Login URL list, click the Web Console that will act as the IdP for all of the Web Consoles in the client computer group.
- Click OK.
CommServe Level
- From the CommCell Console ribbon, on the Home tab, click Control Panel.
- Under Maintenance, click EMail and Web Server.
The EMail and Web Server dialog box appears.
- On the Web Server tab, select Configure this URL for CVAccounts SSO redirections.
- In the URL box, enter the URL for the Web Console that will act as the IdP for all of the Web Consoles that are not in a client computer group. For example, http://client.mycompany.com:80/webconsole.
Note: Web Consoles that are part of a client computer group have the IdP defined at the client computer group level. The IdP at the client computer group level takes precedence over the IdP defined in the Control Panel.
- Click OK.
When you access Web Consoles that are configured to use Multi-Web Console SSO and you are not logged on, you are redirected to the IdP Web Console to log on. After you log on, you are returned to the Web Console you first accessed, and you can access any Web Console that is configured to use Multi-Web Console SSO without logging on again.
Note: Logging off of one Web Console logs you off of all Web Consoles that are configured to use Multi-Web Console SSO.
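The precedence rule and the per-client additional setting described above can be checked against a rollout plan before anything is changed in the CommCell Console. The following is an added example, not Commvault code: the plan dictionary, its layout, and the host names other than the page's example URL are assumptions, and the script reads nothing from a CommCell environment. It resolves which IdP each Web Console would use and reports consoles that lack bEnableCvAccountsSSO or whose IdP logon URL is not HTTPS.

```python
from urllib.parse import urlsplit

SETTING = "bEnableCvAccountsSSO"  # additional setting named on this page

def effective_idp(console, groups, control_panel_url):
    """Return (idp_url, source); a group IdP takes precedence over the Control Panel URL."""
    for name, group in groups.items():
        if console in group["members"]:
            return group["idp_url"], "group:" + name
    if control_panel_url:
        return control_panel_url, "control-panel"
    return None, "none"

def audit(plan):
    """Map every Web Console to its IdP and collect findings for the plan."""
    resolved, findings = {}, []
    for console, settings in plan["web_consoles"].items():
        url, source = effective_idp(console, plan["groups"], plan["control_panel_url"])
        resolved[console] = (url, source)
        if not settings.get(SETTING):
            findings.append((console, SETTING + " not set"))
        if url is None:
            findings.append((console, "no IdP defined at either level"))
        elif urlsplit(url).scheme != "https":
            findings.append((console, "IdP logon page is served over " + urlsplit(url).scheme))
    return resolved, findings

# Constructed plan (assumed layout); example.com host names are placeholders.
PLAN = {
    "control_panel_url": "http://client.mycompany.com:80/webconsole",
    "groups": {
        "emea": {"idp_url": "https://wc-emea.example.com/webconsole",
                 "members": {"wc-emea", "wc-paris"}},
    },
    "web_consoles": {
        "wc-emea": {SETTING: True},
        "wc-paris": {SETTING: False},
        "wc-hq": {SETTING: True},
    },
}

if __name__ == "__main__":
    resolved, findings = audit(PLAN)
    for console, (url, source) in sorted(resolved.items()):
        print(console, "->", url, "(" + source + ")")
    for console, problem in findings:
        print("FINDING", console + ":", problem)
```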