Audience: System administrators installing and configuring Sapho Server
CA Single Sign-On is another security provider supported by Sapho that you can use to authenticate the users of Sapho micro apps.
CA Single Sign-On setup
Go to the Security tab and select CA Single Sign-On.

You’ll see the following fields in the dialog window:
- SSO Endpoint URL - the URL of the CA Single Sign-On server.
- Login Attribute - the name of the login attribute in the CA Single Sign-On schema.
- User Name Attribute - the name of the user name attribute in the CA Single Sign-On schema.
- Email Attribute - the name of the email attribute in the CA Single Sign-On schema.

Click DONE when you are finished entering your CA Single Sign-On security provider settings.
You can now set which micro apps use CA Single Sign-On for access in the Micro Apps with Access section.

CA Single Sign-On groups
Here’s how to use CA Single Sign-On groups for access management within Sapho:
- Go to the Provider Details page of your CA Single Sign-On security provider.

- Fill in the Group Attribute field according to your CA Single Sign-On settings. You should use the name of the group attribute from your CA Single Sign-On schema.

- Manually register the CA Single Sign-On groups you want to use within Sapho for access management by clicking ADD NEW GROUP.

- Click SAVE SETTINGS.
Now you’ll be able to use CA Single Sign-On groups throughout Sapho, i.e. you can give access to micro apps based on your CA Single Sign-On groups or send notifications to users based on their assigned groups.
Security requirements
To ensure that your connection is secure, we recommend you perform one of the following:
- Set up a reverse proxy for Sapho Server using an SSL connection, as described in the following guides:
- Make sure Sapho Server runs on https only.