Single Sign-On allows organizations to use their already defined domain authentication and not require users to create a unique username/password for Serviceaide Intelligent Service Management.
...
To enable and configure Single Sign-On, perform the following tasks:
- Validate Prerequisites
- Export Identity Provider Certificates
- Configure SAML Single Sign-On in CSM
- Add CSM As a Trusted Service Provider in the Identity Provider
- Configure Identity Provider to Send User Identifier As Name ID
...
Note: Do not modify any parameters on the application server or database server. Contact Support for assistance in such changes.
| Anchor | ||||
|---|---|---|---|---|
|
Federation servers use Public/Private Key pairs to add digital signature to all security tokens they produce. These keys validate the authenticity of the encrypted security token.
...
If the export is successful, the certificate is saved at the location that you specified. You can open the certificate in any text editor, like Notepad.
| Anchor | ||||
|---|---|---|---|---|
|
You can add multiple SAML single sign-on configurations to Intelligent Service Management. This allows a single Intelligent Service Management system to support different organizations that may have a different SSO/SAML setup. To enable Single Sign-On, configure Intelligent Service Management to trust assertions that are sent by the IdP.
...
Note: Contact the support team for the metadata URL applicable to your application instance.
| Anchor | ||||
|---|---|---|---|---|
|
Add the metadata that is generated from Intelligent Service Management to your IdP to enable the SAML communication between them. For information about generating the metadata, see Configure SAML Single Sign-On in CSM.
Follow these steps on Microsoft ADFS 3.0:
...
Intelligent Service Management is added as a trusted service provider in your IdP.
| Anchor | ||||
|---|---|---|---|---|
|
After configuring your IdP and Intelligent Service Management to trust assertions, set up the attribute statement for SAML assertion. This attribute statement is used to identify a user. You can use a unique identifier to identify each user, like Principle Name, or Email ID.
...