Configuring SSO with IWA

For these instructions, the examples use the following assumptions.

Domain: raritan.com

Domain Login Name: example_user

Hostname: example

Trusted Domains: nj.raritan.com; eu.raritan.com

  1. Configure the Service Principal Name on the AD server.
    1. Create a user account "example_user" in Active Directory under the CC-SG's domain. In these instructions, the domain is "raritan.com" and the login name is "example_user".
    2. Disable 'User has to change password at next logon'.
    3. Assign the password.
    4. Assume your CC-SG hostname is "example". Run the following commands on the AD server to set up the service principal name for CC-SG.

    Setspn -A HTTP/example example_user

    Setspn -A HTTP/example.raritan.com example_user

  2. Enable SSO in CC-SG
    1. Log in to the CC-SG Admin Client.
    2. Edit the Example AD module: in the General tab, use the Service Principal Name for Username. The domain name in the Username should be in all capitals.

    example_user@EXAMPLE.RARITAN.COM

    3. Change the password. Whenever the password for example_user is changed in AD, you must change the password here too.

      Note: You don't need to make these changes for the other trusted domains. Keep the login as it was in other domains.

    4. In the Advanced tab, select the "Enable Integrated Windows Authentication" checkbox under "Other". Enable this option for all other trusted domains for which you would like to allow SSO.
    5. Click OK to save.

      Note: Users who log in to trusted domains such as nj.raritan.com, eu.raritan.com and so on should also be able to access example.raritan.com through SSO if you have enabled Integrated Windows Authentication for those modules.

  3. Configure Internet Explorer Browser to use Windows authentication. Most settings are the defaults in IE.
    1. Configure Local Intranet Domains
      • Choose Tools > Internet Options > Security > Local intranet > Sites.
      • In the Local intranet popup, make sure that the "Include all sites that bypass the proxy server" and "Include all local (intranet) sites not listed in other zones" options are selected.
      • Or click Advanced. In the Local intranet (Advanced) dialog box, add all domain names that users will use to access CC-SG (for example, example.raritan.com and example), then click OK.
    2. Configure Intranet Authentication
      • Choose Tools > Internet Options > Security > Local intranet > Custom Level.
      • In the Security Settings dialog, scroll to the User Authentication section. Select Automatic logon only in Intranet zone. Click OK.
      • Choose Tools > Internet Options > Advanced > Security, then check "Enable Integrated Windows Authentication".
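
The SPN registration from step 1 can be checked before testing the browser, because a missing SPN, or one held by more than one account, prevents Kerberos from issuing a service ticket for CC-SG. The following PowerShell check is an added example and not part of the CC-SG documentation; it assumes the sample account and hostnames used on this page and is run on the AD server or another domain-joined machine with setspn available.

```powershell
# Added example: verify the SPNs created in step 1.
# The account and SPN values are this page's sample values; adjust to your site.
$Account  = 'example_user'
$Expected = @('HTTP/example', 'HTTP/example.raritan.com')

# setspn -L lists the SPNs registered on a single account.
# Output lines are tab-indented, so trim before comparing.
$registered = & setspn.exe -L $Account 2>&1 |
    ForEach-Object { "$_".Trim() } |
    Where-Object { $_ -like 'HTTP/*' }

foreach ($spn in $Expected) {
    if ($registered -contains $spn) {      # -contains ignores case, as SPN matching does
        Write-Output "OK        $spn is registered on $Account"
    } else {
        Write-Warning "MISSING   $spn is not registered on $Account"
    }
}

# setspn -Q searches the domain for every account that holds a given SPN.
# Each holder is printed as a distinguished name starting with CN=.
foreach ($spn in $Expected) {
    $holders = @(& setspn.exe -Q $spn 2>&1 | Where-Object { "$_" -match '^CN=' })
    if ($holders.Count -gt 1) {
        Write-Warning "DUPLICATE $spn is held by $($holders.Count) accounts:"
        $holders | ForEach-Object { Write-Warning "          $_" }
    }
}
```

Any MISSING or DUPLICATE line should be resolved on the AD server before continuing with the browser configuration in step 3.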
