Establishing single sign-on (SSO) between the portal installation and HCL Connections in SmartCloud for Social Business

Learn about the requirements that must be fulfilled in order to successfully integrate HCL with HCL Connections in SmartCloud for Social Business. You can provide a user experience where a user logs in one time into HCL and then automatically sees all integrated HCL Connections information.

Since SmartCloud for Social Business uses a specific user repository, the following requirements are established by using Identity Federation and Security Assertion Markup Language (SAML):
  • Users do not have to maintain separate user names and passwords for HCL and HCL Connections.
  • A user logs on one time in to your digital experience and can view:
    • Information from HCL Connections in SmartCloud for Social Business Rest APIs that are rendered by using portlets or HCL Web Content Manager rendering in HCL.
    • The SmartCloud for Social Business HCL Connections web user interface.
  • The infrastructure to complete outbound calls must be configured to support SAML-based single sign-on (SSO), since single sign-on needs to be established for calls from the portal JVM to the HCL Connections server in SmartCloud for Social Business APIs. To configure support for SAML-based single sign-on, you must use one of the following identity providers:
    • To use Tivoli Federated Identity Manager (TFIM) as your identity provider, view the information in Configuration settings for Tivoli Federated Identity Manager (TFIM) in the related links section.
    • To use Active Directory Federation Services (ADFS) as your identity provider, view the information in Configuration settings for Active Directory Federation Services (ADFS) in the related links.
    Notes:
    • SAML 2.0 is the only supported version.
    • Active Directory Federation Services (ADFS) is supported beginning with CF05 and later.
The infrastructure for your integrated system is as follows:
  • There is an identity provider server in your local environment that uses the same user repository as your portal server.
  • SSO between your portal server and the local identity provider system is established.
  • The local identity provider server and the SmartCloud for Social Business infrastructure trust each other.
To establish trust between the local identity provider server and SmartCloud for Social Business, complete the steps that are outlined in the SmartCloud for Social Business documentation:
  • For general information, see Federated identity management in the related links.
  • For specifics of enabling federated Identity Management, see Enabling federated identity management in the related links.