Configuring and enabling single sign-on

Available from 9.2.1. You can now use the two-factor authentication and use single sign-on to log on to BigFix Inventory and maintain login consistency with other applications in the enterprise. You can configure BigFix Inventory to use two-factor authentication with single sign-on based either on the exchange of Security Assertion Markup Language (SAML 2.0) token and Microsoft Active Directory Federation Services as Identity Provider or you can use the IBM Lightweight Third-Party Authentication (LTPA) technology and IBM Security Access Manager for Web as the authentication service.

About this task

To enable debug logging for single sign-on in BigFix Inventory, edit the web.xml file and change the value of config.sso.debug to true.
<context-param>
  <param-name>config.sso.debug</param-name>
  <param-value>true</param-value>
</context-param>

The solution described in this section is based on the assumption that the connection with BigFix Inventory is established via the BigFix Inventory host name. For complex scenarios, you need to manually configure SAML provider in the server.xml file and perform additional configuration of the authentication service.