CA Tuesday Tip: Using Single Sign-On (SSO) with the CA DLP iConsole.

Discussion created by devan05 Employee on Aug 9, 2011
CA DLP Tuesday Tip by Andrew Devine, Snr. Support Engineer for 9 August 2011

Using single sign-on (SSO) with the iConsole allows users to skip the logon dialog when they start up the iConsole. Instead of the user supplying credentials to access the console, CA DLP relies on the fact that the user has successfully logged into Windows as sufficient authorization to allow them to log on to the CA DLP account of the same name.

To configure CA DLP to use single sign-on, you can either edit the CMS machine policy or you can grant the privilege "Admin: Use single sign-on" to individual users (this overrides the CMS policy).

Note that account names for CA DLP users must be the same as their native Windows user name (sometimes referred to as the user logon name). That is, an account name prefixed with the user’s domain, for example, "unipraxis\lsteel".