Install and configure the standalone IdM service

Important: This topic describes how to install and configure the standalone version of the IdM service released with Service Manager. If your organization is using the Service Manager Service Portal user portal, you must use the IdM service bundled with Service Manager Service Portal instead. For more information, see Configure SAML SSO using the Service Portal IdM.

Service Manager (SM) leverages Micro Focus Identity Manager (IdM) to support Single Sign-On (SSO) using SAML 2.0. To set up SAML SSO for Service Manager, you need to install the IdM service and create a trust relationship with a third-party identity provider (IdP, such as Microsoft ADFS). In the SAML SSO process, the IdM service acts as a service provider (SP) to the IdP.

Prerequisite

You must have a third-party identity provider (that is, Microsoft ADFS 2.0 or 3.0) installed in your system.

Installation and configuration

You have two ways to set up the IdM service:

  • Install the IdM service, and then configure it manually.
  • Install the IdM service together with the IdM admin console, and then use the admin console to configure the SAML authentication.

To deploy and configure the IdM service manually, complete these tasks:

Task 1: Deploy IdM on a web application server

Task 2: Configure SSL in the IdM web application server

Task 3: Create an IdM client trust store

Task 4: Configure SAML SSO

Task 5: Configure a tenant and specify the ADFS metadata URL

Task 6: Configure the IdM service for LW-SSO compatibility

Task 7: Specify an IdM token signing key

Task 8: Specify an IdM user account for Service Manager

Task 9: Replace JRE policy files for the IdM server

Task 10: Configure the SAML keystore in IdM

Task 11: Import the IdP public key into the IdM SAML keystore

Task 12: Encrypt IdM passwords and keys

Task 13: Create an empty database for IdM

Task 14: Configure database connection in the IdM service

Task 15: Download the IdM metadata

Task 16: Create a trust relationship with ADFS

Task 17: Adjust the max authentication age setting in the IdM service

To use the IdM admin console to configure the IdM service, see Configure SAML authentication by using the IdM admin console.

Next steps

Next, you need to configure SAML authentication in the Service Manager Server, Web Tier, SRC, and Mobility Client, and then verify that your SAML SSO setup is successful. For details, see Configure SAML SSO in Service Manager (using standalone IdM).