Trusted sign-on

You can configure HPE Service Manager clients to log on automatically with the same authentication information that users entered when they logged on to their client workstation's operating system. When you enable trusted sign-on, users bypass the Service Manager logon screen and directly enter the application.

In a trusted sign-on scenario, the Service Manager server grants access to clients only if the following conditions are met:

  • The user's logon credentials match an existing operator record in Service Manager or a valid LDAP source that Service Manager recognizes.
  • A trusted authentication authority, such as the operating system, confirms that the user's logon credentials are valid.
  • The client (Service Manager Web Tier or Windows) presents a signed SSL certificate.

The following figure depicts the connection process between a Web server, a Web application server, and the Service Manager application server:

  • The Web server receives the user information from the client via the browser, and passes the user name and domain name to the Web application server.
  • The Web application server (such as Tomcat, WebSphere®, or WebLogic Server®) acts as a client, and communicates with the Service Manager application server.
  • The Service Manager application server also checks whether the user was authenticated by a valid domain. Local machine authentication is not accepted; if it is attempted, the Service Manager server rejects the request.
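
A pre-deployment check for the signed-certificate condition above, written for this page as an added example (it is not HPE code or an HPE procedure). It assumes "signed" means issued by a CA the server trusts rather than self-signed; the CA, subject names and file names are constructed for the demonstration.

```shell
# Added example: every certificate here is constructed test data.

# cert_signed_by CA_PEM CERT_PEM -> exit 0 only if CERT_PEM chains to CA_PEM.
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_is_self_signed CERT_PEM -> exit 0 if issuer and subject are identical.
cert_is_self_signed() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ]
}

# check_client_cert CA_PEM CERT_PEM -> prints a verdict, exit 0 only when OK.
check_client_cert() {
    if cert_is_self_signed "$2"; then
        echo "REJECT: self-signed"; return 1
    elif ! cert_signed_by "$1" "$2"; then
        echo "REJECT: not issued by expected CA"; return 1
    fi
    echo "OK: issued by expected CA"
}

# make_demo_pki DIR -> writes a demo CA, a CA-signed client certificate and a
# self-signed certificate with the same subject (all hypothetical names).
make_demo_pki() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=webtier.example.test" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/client.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/client.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=webtier.example.test" \
        -keyout "$d/selfsigned.key" -out "$d/selfsigned.crt" 2>/dev/null
}

# Run with --demo to build the constructed PKI and print both verdicts.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_demo_pki "$tmp"
    check_client_cert "$tmp/ca.crt" "$tmp/client.crt"
    check_client_cert "$tmp/ca.crt" "$tmp/selfsigned.crt"
    rm -rf "$tmp"
fi
```

To check a real deployment, export the client certificate and the issuing CA certificate to PEM first and pass those two files to `check_client_cert`.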