If you are using Microsoft® Active Directory Domain Services, you can configure SSO (single sign-on). This allows users to work with all ARIS components as soon as they are logged in to the domain. Separate login to ARIS components is not required. You can use single sig-on using SAML. SAML (Security Assertion Markup Language) is an XML framework for exchanging authentication and authorization information. SAML provides functions to describe and transfer security-related information.
SAML is a standard for exchanging authentication data between security domains. SAML is an XML-based protocol that uses security tokens containing assertions to pass information about a user between an identity provider and a service provider and enables web-based authentication scenarios including single sign-on across all ARIS Connect runnables.
Please contact your SCIM administrator before you change any configuration.
Prerequisite
Server
Client
The following steps must be taken to use SSO:
Procedure
You configured SSO.
Configuration in ARIS Administration
You need to configure SSO for the servers.
Prerequisite
You have the Technical configuration administrator function privilege.
Procedure
You have configures SSO using SAML in ARIS Administration. If you use multiple LDAP systems, the user names must be unambiguous through all LDAP systems. Otherwise no SSO is possible.
Register ARIS as a trusted service provider
Establish a circle of trust between the identity provider and the service provider.
Procedure
https://<SERVERNAME>/umc/rest/saml/metadata.xml?tenant=<TENANTID>
Your system is configured to be used with single sign-on and SAML.
Troubleshooting
Detailed information on SAML authentication issues can be found in the log files of ARIS Administration located in
<Your installation folder>\ARIS10.0\server\bin\work\work_umcadmin_<size>\base\logs
Example
C:\SoftwareAG\ARIS10.0\server\bin\work\work_umcadmin_m\base\logs