The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
There are two types of Single Sign-On (SSO): OpenAM SSO and Security Assertion Markup Language (SAML) SSO. The Cisco Unified IM and Presence Operating System interface is used to configure OpenAM SSO only. For information about SAML SSO, see the Features and Services Guide for Cisco Unified Communications Manager.
The OpenAM SSO feature allows end users to log in to Windows and use the following IM and Presence applications without being required to sign in again:
Cisco Unified CM IM and Presence Administration
Cisco Unified IM and Presence Serviceability
Cisco Unified IM and Presence Reporting
IM and Presence Disaster Recovery System
Real-Time Monitoring Tool (RTMT) Administration
Cisco Unified IM and Presence Operating System Administration
Cisco Client Profile Agent
To configure OpenAM SSO, select Cisco Unified IM and Presence OS Administration > Security > Single Sign On.
The SSO feature is divided into three components:
Status
A warning message displays indicating that the change in SSO settings causes Tomcat to restart.
The following error messages may display when enabling the SSO feature:
Invalid Open Access Manager (OpenAM) server URL - This error message displays when you give an invalid OpenAM server URL.
Invalid profile credentials - This error message displays when you give a wrong profile name or wrong profile password or both.
Security trust error - This error message displays when the OpenAM certificate has not been imported.
Note | If you get any of the above error messages while enabling SSO, the status changes to the related error. |
Server Settings
The node settings are editable only when SSO is disabled for all applications.
Select Applications
You can enable or disable SSO on any of the following applications:
Cisco Cisco Unified Communications Manager IM and Presence Administration - Enables SSO for Cisco Cisco Unified Communications Manager IM and Presence Administration, Cisco Unified IM and Presence Serviceability, and Cisco Unified IM and Presence Reporting
Cisco Unified IM and Presence Operating System Administration - Enables SSO for Cisco Unified IM and Presence Operating System Administration and IM and Presence Disaster Recovery System
Real-Time Monitoring Tool - Enables the web application for the Real-Time Monitoring Tool
Cisco Client Profile Agent - Enables SSO for the Cisco Client Profile Agent service. This option is only available to customers using Common Access Card (CAC) sign-on.