The Single Sign-On (SSO) feature allows end users to log in to Windows, then use the following IM and Presence applications without having to sign on again:
Cisco Unified CM IM and Presence User Options
Cisco Unified CM IM and Presence Administration
Cisco Unified IM and Presence Serviceability
Cisco Unified IM and Presence Reporting
IM and Presence Disaster Recovery System
Real-Time Monitoring Tool (RTMT) Administration
Cisco Unified IM and Presence Operating System Administration
Set up Single Sign-On
To configure Single Sign-On (SSO), select Cisco Unified IM and Presence OS Administration > Security > Single Sign On.
The SSO feature is divided into three components:
A warning message displays indicating that the change in SSO settings causes Tomcat to restart.
The following error messages may display when enabling the SSO feature:
Invalid Open Access Manager (OpenAM) server URL - This error message displays when you give an invalid OpenAM server URL.
Invalid profile credentials - This error message displays when you give a wrong profile name or wrong profile password or both.
Security trust error - This error message displays when the OpenAM certificate has not been imported.
If you get any of the above error messages while enabling SSO, the status changes to the related error.
The server settings are editable only when SSO is disabled for all applications.
You can enable or disable SSO on any of the following applications:
Cisco Unified CM IM and Presence Administration - Enables SSO for Cisco Unified CM IM and Presence Administration, Cisco Unified IM and Presence Serviceability, and Cisco Unified IM and Presence Reporting
Cisco Unified CM IM and Presence User Options - Enables SSO for End User Options
Cisco Unified IM and Presence Operating System Administration - Enables SSO for Cisco Unified IM and Presence Operating System Administration and IM and Presence Disaster Recovery System
Real-Time Monitoring Tool - Enables the web application for the Real-Time Monitoring Tool
Enter the following URL of the Open Access Manager (OpenAM) server:
Enter the relative path where the policy agent should be deployed. The relative path must be alphanumeric.
Enter the name of the profile that is configured for this policy agent.
Enter the password of the profile name.
Enter the login module instance name that is configured for Windows Desktop SSO.
In the Confirmation dialog box, click OK to restart Tomcat.
What to Do Next
Enable the SSO feature on the IM and Presence server by entering the utils sso enable command on the Command Line Interface. For more information, see the Command Line Interface Reference Guide for Cisco Unified Communications Solutions.