Yes you can use a TCP service to do a SSO to a target web portal using SAML. Create a TCP service, select the application protocol as web portal, Select browser type as CA PAM browser, and then select the auto login method as SAML 2.0 SSO POST then configure the remaining two tabs for SP initiated or IDP initiated SSO for PAM and assign this service to your device.