CA Service Management


How to configure Microsoft AD FS or SAML authentication?

  • 1.  How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 12, 2017 10:51 AM

    Hi, we are going to deploy the mobile services through the Service Management App and we need to add authentication through SAML or our Microsoft AD FS infrastructure. Actually we use EEM with Microsoft Active Directory and SSO.

    Is it possible to add the external authentication to our AD FS? We use it with all our mobile solutions (Facebook Workplace, Citrix...)



  • 2.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 12, 2017 01:47 PM

    Hi Sebastian,  I am not sure exactly what the ask is here.  Are you asking how to enable SAML or Microsoft AD FS for use with the mobile app for SDM?

    Let us know,

    Jon I.



  • 3.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 12, 2017 01:50 PM

    Yes, that's right



  • 4.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 12, 2017 01:56 PM

    So currently SDM doesn't allow for native SAML auth - although the upcoming version of SDM I believe will do so - so hang tight on that one. As for the mobile app, it authenticates the users by passing the username and password to SDM to authenticate the user - so I think that as long as you have SDM authenticating to LDAP (by way of having the SDM servers on the same domain as the users, and SDM set to use OS auth), then this should work. For my own system in-house, I am able to log into the mobile app on my phone, using a Windows user that is set up on my SDM server. So if you are authenticating users now using OS auth in SDM, then those same users should be able to log into the mobile app without a problem using their Windows credentials. SSO unfortunately will NOT work for the mobile app - it's just not designed to do so at this time.

    Hope this helps,

    I would suggest testing this out.

    Thanks,

    Jon I.



  • 5.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 12, 2017 04:47 PM

    Hi Jon, thank you very much! Your answer was very clear.

     

    I have the same environment as you but our Security Department wants a method to avoid a massive domain user lock out. Actually they have a configuration where 1 login error before it locks out in the domain ADFS blocks your login for 30 minutes. That's the reason I need ADFS or a method to avoid this kind of attack.

     

    Regards

    Sebastian



  • 6.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 13, 2017 09:36 AM

    Hi Sebastian,

    Totally understand the need. However, there is no way of using single-sign-on from a mobile device (since the mobile device is not on a domain and you don't "log into it" with domain credentials). So this one will be a bit of a challenge for you guys.

    Jon



  • 7.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 13, 2017 10:01 AM

    Hi Jon, we don't need SSO on the mobile devices, but we need to validate the login with a system with that kind of security



  • 8.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 13, 2017 10:51 AM

    Hi Sebastian - so I am not understanding the need here then.  If SDM is already authenticating this way, then the mobile app should work to authenticate to SDM the same way.  Is there something that I am missing?  

    Let me know,
    Jon



  • 9.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Sep 14, 2017 01:57 PM

    Yes, the authentication through the mobile app is working, and also the web access where we are using Windows single sign on. This is working with my SDM 14.1, EEM and Microsoft Active Directory

     

    My need is to add an extra security layer with ADFS for the mobile app login. As far as I know ADFS is configured in each software console, but in SDM and EEM console it is not possible. I wanted to know if there is a way to configure ADFS in SDM or EEM? Or do we have to use another solution like CA Siteminder?

     

    Thanks for your answers and patience!

    Sebastian



  • 10.  Re: How to configure Microsoft AD FS or SAML authentication?
    Best Answer

    Broadcom Employee
    Posted Sep 14, 2017 03:11 PM

    Hi Sebastian,

     

    For Claims based authentication, yes, you would have to use something like a Siteminder which lets you get authorization apart from just plain authentication into the app.

     

    _R



  • 11.  Re: How to configure Microsoft AD FS or SAML authentication?

    Broadcom Employee
    Posted Jan 11, 2018 08:48 AM

    Hi Sebastian,

    I added a document related to the SAML integration at the following link.

     

    I hope it helps

    https://communities.ca.com/docs/DOC-231179532

     

    Regards

    Franco



  • 12.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Jan 11, 2018 10:28 AM

    Hi, thank you but I can't access that site. It says I'm not authorized.



  • 13.  Re: How to configure Microsoft AD FS or SAML authentication?

    Broadcom Employee
    Posted Jan 11, 2018 10:55 AM

    Hi,

     

    I attached the document directly here. I hope you can access it.

     

    Regards

    Franco



  • 14.  Re: How to configure Microsoft AD FS or SAML authentication?

    Posted Jan 11, 2018 01:17 PM

    Hi Francesco, thank you very much! Now I can download it.