Configuring and enabling single sign-on (SSO)

Available from 9.2.1. You can now use the two-factor authentication and use SSO to log on to BigFix Inventory and maintain login consistency with other applications in the enterprise. You can configure BigFix Inventory to use two-factor authentication with single sign-on based either on the exchange of Security Assertion Markup Language (SAML 2.0) token and Microsoft Active Directory Federation Services as Identity Provider or you can use the IBM Lightweight Third-Party Authentication (LTPA) technology and IBM Security Access Manager for Web as the authentication service.

About this task

To enable debug logging for single sign-on in BigFix Inventory, edit the web.xml file and change the value of config.sso.debug to true.
<context-param>
  <param-name>config.sso.debug</param-name>
  <param-value>true</param-value>
</context-param>

The solution described in this section is based on the assumption that the connection with BigFix Inventory is established via the BigFix Inventory host name. For complex scenarios, you need to manually configure SAML provider in the server.xml file and perform additional configuration of the authentication service.

Session timeout configuration when logged in through SSO

You can set the session timeout for BigFix Inventory. Refer to the steps mentioned at Session timeout.
Note: The time that you set must be greater than the current SSO time. If you set a time lower than current SSO time, BigFix Inventory times out sooner and does not redirect you to the SSO login page. It gives an error message.