Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- System security
- Encryption of configuration file settings
- Encryption of operator passwords
- Encryption of client keystore passwords
- Randomly generated master keys
- Inactivity timer
- Lockout feature
- System quiesce: Login restrictions
- Mandanten file security
- Multicompany mode
- Script utilities
- Security tables
- Secure Sockets Layer (SSL) encryption and server certificates
- Support of the HTTP Strict Transport Security protocol
- Trusted sign-on
- Common Access Card (CAC) sign-on
- SAML Single Sign-On
- FIPS mode
- Tokenization
SAML Single Sign-On
Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties. In particular, between an Identity Provider (IdP) and a Service Provider (SP). The single most important requirement that SAML addresses is web browser single sign-on (SSO). SAML 2.0 is the industry standard for federated identity management based on Single Sign-On (SSO).
Tip SSO is a session or user authentication process that permits a user to enter the same name and password to access multiple web applications.
The SAML 2.0 specification defines an exhaustive list of profiles. By leveraging HPE Identity Manager (IdM), Service Manager and Service Portal support two essential profiles: Web Browser SSO Profile, and Single Logout Profile. The HPE SAML SSO solution uses IdM as a Service Provider and a third-party Identity Provider.
Important IdM is built in to Service Portal. Customers who are using Service Portal should use the built-in IdM to enable SAML SSO for Service Manager and Service Portal; customers who are not using Service Portal should use the standalone version of IdM that is released with Service Manager.
Benefits of using SAML SSO
By default, SAML SSO is disabled in Service Manager and Service Portal. When SAML SSO is enabled, if Service Manager and Service Portal share the same IdP and LDAP Server with other HPE applications (whether the other applications leverage IdM or not), the user needs to enter a user name and password only once to log in to all of these web applications. Additionally, this solution supports single logout for multiple HPE web applications that leverage IdM.
Note SAML SSO is supported for the SM Web Tier client, SRC, Mobility Client, and Service Portal.
Using this solution has the following benefits:
- Provides tighter security controls through consistent enforcement of security policies across all applications
- Reduces turnaround time for provisioning and deprovisioning of user accounts in applications
- Fosters identity data collection, access reviews, and security analytics
- Provides single sign-on experience for end users
- Enables new users to gain faster access to the resources needed to perform their jobs
- Eliminates or reduces duplicate user IDs
Note Enabling SAML SSO may slow down user logins. According to laboratory tests by HPE, user logins may take approximately 15% more time.
This solution also provides backward compatibility with the legacy LW-SSO solution, and works in FIPS mode.
Supported Identity Providers (IdPs)
Currently, only Microsoft Active Directory Federation Services (ADFS) is supported by Service Manager and Service Portal.
Supported HPE Identity Manager (IdM) use cases
The SAML SSO solution leverages HPE Identity Manager (IdM). For this purpose, Service Manager provides a standalone package (a .WAR file) of the IdM service, and the Service Portal installation is bundled with the same version of IdM. Use one of the IdM service instances as follows:
- If you are using Service Portal, you must configure SAML SSO for both Service Manager and Service Portal by using the IdM bundled with Service Portal.
- If you are not using Service Portal, use the standalone IdM.
Important if you are already using a standalone version of IdM for Service Manager SAML SSO configuration and plan to deploy Service Portal, you must discard your existing SAML SSO configuration and configure the Service Portal IdM (rather than the standalone version) to work with Service Manager.
For detailed steps, see SAML SSO setup.
Next steps
Learn more about how the SAML SSO solution works for Service Manager and Service Portal. See Overview of Service Manager SAML SSO and Overview of Service Portal SAML SSO.
Understand the SAML SSO configuration procedure for Service Manager and Service Portal. See SAML SSO setup.
Related concepts
Overview of Service Manager SAML SSO
Overview of Service Portal SAML SSO
Related references
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to ovdoc-ITSM@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: