Overview

Overview of Single Sign-On

SSO is a process that allows pre-authenticated users to access APM, without having to re-enter their credentials.

The APM user logs on initially using a form-based enterprise login screen. SSO is a common procedure in enterprises, where a user logs in once and gains access to different applications without the need to re-enter log-in credentials at each application. SSO authentication facilitates seamless network resource usage. SSO mechanisms vary, depending on application type.

SSO advantages include:
  • Eliminates credential re-authentication.
  • Streamlines local and remote application and desktop workflow.
  • Minimizes phishing.
  • Improves compliance through a centralized database.
  • Provides detailed user access reporting.
APM supports the following types of authentication for SSO:
  • Pass-through authentication

    Enables the users to enter their Windows credentials in the APM login page and APM validates the credentials against Active Directory.

  • Security Assertion Markup Language (SAML) authentication

    Enables the users to navigate to the SSO URL (hosted on the APM Application Server) that redirects the browser to a preconfigured URL (not hosted on the APM Application Server), which is the Identity Provider (IDP). If there are multiple databases, and when the user selects a database, the user account is then authenticated and the IDP provides the web browser a token through a cookie. If the token is valid, the user can access APM.