How to set up CA Single Sign-On security provider

Audience: System administrators installing and configuring Sapho Server

CA Single Sign-On is another security provider supported by Sapho that you can use to authenticate the users of Sapho micro apps.

CA Single Sign-On setup

Go to the Security tab and select CA Single Sign-On.

You’ll see the following fields in the dialog window:

  • SSO Endpoint URL - the URL of the CA Single Sign-On server.
  • Login Attribute - the name of the login attribute in the CA Single Sign-On schema.
  • User Name Attribute - the name of the user name attribute in the CA Single Sign-On schema.
  • Email Attribute - the name of the email attribute in the CA Single Sign-On schema.

Click DONE when you are finished entering your CA Single Sign-On security provider settings.

You can now set which micro apps use CA Single Sign-On for access in the Micro Apps with Access section.

CA Single Sign-On groups

Here’s how to use CA Single Sign-On groups for access management within Sapho:

  1. Go to the Provider Details page of your CA Single Sign-On security provider.
  2. Fill in the Group Attribute field according to your CA Single Sign-On settings. You should use the name of the group attribute from your CA Single Sign-On schema.
  3. Manually register the CA Single Sign-On groups you want to use within Sapho for access management by clicking ADD NEW GROUP.
  4. Click SAVE SETTINGS.

Now you’ll be able to use CA Single Sign-On groups throughout Sapho, i.e. you can give access to micro apps based on your CA Single Sign-On groups or send notifications to users based on their assigned groups.

Security requirements

To ensure that your connection is secure, we recommend you perform one of the following:

  1. Set up a reverse proxy for Sapho Server using an SSL connection, as described in the following guides:
  2. Make sure Sapho Server runs on https only.