Administer > System security > SAML Single Sign-On

SAML Single Sign-On

Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties. In particular, between an Identity Provider (IdP) and a Service Provider (SP). The single most important requirement that SAML addresses is web browser single sign-on (SSO). SAML 2.0 is the industry standard for federated identity management based on Single Sign-On (SSO).

Tip SSO is a session or user authentication process that permits a user to enter the same name and password to access multiple web applications.

The SAML 2.0 specification defines an exhaustive list of profiles. By leveraging Micro Focus Identity Manager (IdM), Service Manager and Service Manager Service Portal support two essential profiles: Web Browser SSO Profile, and Single Logout Profile. The Micro Focus SAML SSO solution uses IdM as a Service Provider and a third-party Identity Provider.

Important IdM is built in to Service Manager Service Portal. Customers who are using Service Manager Service Portal should use the built-in IdM to enable SAML SSO for Service Manager and Service Manager Service Portal; customers who are not using Service Manager Service Portal should use the standalone version of IdM that is released with Service Manager.

Benefits of using SAML SSO

By default, SAML SSO is disabled in Service Manager and Service Manager Service Portal. When SAML SSO is enabled, if Service Manager and Service Manager Service Portal share the same IdP and LDAP Server with other Micro Focus applications (whether the other applications leverage IdM or not), the user needs to enter a user name and password only once to log in to all of these web applications. Additionally, this solution supports single logout for multiple Micro Focus web applications that leverage IdM.

Note SAML SSO is supported for the SM Web Tier client, SRC, Mobility Client, and Service Manager Service Portal.

Using this solution has the following benefits:

  • Provides tighter security controls through consistent enforcement of security policies across all applications
  • Reduces turnaround time for provisioning and deprovisioning of user accounts in applications
  • Fosters identity data collection, access reviews, and security analytics
  • Provides single sign-on experience for end users
  • Enables new users to gain faster access to the resources needed to perform their jobs
  • Eliminates or reduces duplicate user IDs

Note Enabling SAML SSO may slow down user logins. According to laboratory tests by Micro Focus, user logins may take approximately 15% more time.

This solution also provides backward compatibility with the legacy LW-SSO solution, and works in FIPS mode.

Supported Identity Providers (IdPs)

Currently, only Microsoft Active Directory Federation Services (ADFS) is supported by Service Manager and Service Manager Service Portal.

Supported Micro Focus Identity Manager (IdM) use cases

The SAML SSO solution leverages Micro Focus Identity Manager (IdM). For this purpose, Service Manager provides a standalone package (a .WAR file) of the IdM service, and the Service Portal installation is bundled with the same version of IdM. Use one of the IdM service instances as follows:

  • If you are using Service Portal, you must configure SAML SSO for both Service Manager and Service Portal by using the IdM bundled with Service Portal.
  • If you are not using Service Portal, use the standalone IdM.

Important if you are already using a standalone version of IdM for Service Manager SAML SSO configuration and plan to deploy Service Manager Service Portal, you must discard your existing SAML SSO configuration and configure the Service Manager Service Portal IdM (rather than the standalone version) to work with Service Manager.

For detailed steps, see SAML SSO setup.

Next steps

Learn more about how the SAML SSO solution works for Service Manager and Service Manager Service Portal. See Overview of Service Manager SAML SSO and Overview of Service Portal SAML SSO.

Understand the SAML SSO configuration procedure for Service Manager and Service Manager Service Portal. See SAML SSO setup.

Related topics

Overview of Service Manager SAML SSO

Overview of Service Portal SAML SSO

Related topics

SAML SSO setup