Creating a header-based SSO authentication integration
A header-based single sign-on (SSO) authentication realm uses an external server for authentication.
Procedure
- On the HCL™ Accelerate dashboard, click .
-
In the required fields, specify the following parameters:
Table 1. SSO properties Field Description Name The name for the integration. Full name header name The user name on the SSO server that contains the list of users. Email header name The user email on the SSO server that contains the list of users. Note: For Email header name, there is a change to lower case in the HCL™ Accelerate database. Logout URL The SSO server's logout URL. -
Click Save.
Setting up an SSO user does not automatically add the user to the HCL™ Accelerate database and is explained in further detail below.
Results
Note: Once the SSO setup is
completed properly by the admin user and that user logs out of
HCL™ Accelerate, there is a loss of admin access privileges because of the inability to log back in as the admin.
New users created via the SSO login only have the Viewer and Release participant permissions by
default and the admin cannot change the permissions as stated previously. Possible solutions for
this scenario include the following:
- Set the HCL™ Accelerate server to allow direct access from specific IPs that will allow the admin to login.
- Create an SSO user with the
HCL™ Accelerate admin email address of
admin@admin.com
. - Perform an SSO login with a different browser while the local HCL™ Accelerate admin navigates to and grants full admin privileges to the SSO user.
As a guideline, Item 3 is the recommended method for preserving admin access privileges to HCL™ Accelerate.
To delete a current SSO configuration after it was created, click the Delete Configuration button on the Settings page for SSO.