How to Configure SSO Using the Configuration Wizard

For the most recent version of Microsoft Host Integration Server documentation, see http://msdn.microsoft.com/library/gg241192.aspx.

Use the Enterprise Single Sign-On (SSO) page to configure your SSO settings.

noteNote
You will not be able to reconfigure SSO in the configuration manager after you have configured it.

 

Use this To do this

Enable Enterprise Single Sign-On on this computer

Select Enable Enterprise Single Sign-On on this computer to configure this server with SSO settings.

Create a new SSO system

Select Create a new SSO system if this is the first SSO server you are configuring in your SSO system. This also creates and configures the SSO Credential database. You must also back up the secret on this secret server.

CautionCaution
You should configure the master secret server as a stand-alone server. You must be an SSO administrator while performing this configuration task.

noteNote
Only one master secret server can be associated with one SSO group. Associating two master secret servers to the same SSO group is not supported.

Join an existing SSO system

Select Join an existing SSO system to connect to an existing SSO system.

Data stores

The Data stores list provides an editable view of the data stores used for the SSO database.

Windows service

The Windows service list provides an editable view of the account used to run the Enterprise Single Sign-On service.

Windows accounts

The Windows accounts list provides an editable view of the SSO Administrators and SSO Affiliate Administrators Windows groups.

Use the Enterprise Single Sign-On Secret Backup page to save the master secret to an encrypted backup file in the event that disaster recovery is needed.

 

Use this To do this

Secret backup password

Type the password for the backup file.

Confirm password

Confirm the password for the backup file.

Password reminder

Type a reminder for the password you enter.

Backup file location

Provide a file name and file path to the secret backup file. By default it is stored at <drive>:\Program Files\Common Files\Enterprise Single Sign-On\.

Considerations for Configuring SSO

When you configure Enterprise SSO, consider the following:

  • When configuring the SSO Windows accounts using local accounts, you must specify the account name without the computer name.

  • When using a local SQL Server named instance as data store, you must use LocalMachineName\InstanceName instead of LocalMachineName\InstanceName, PortNumber.

  • It is possible to configure the Enterprise SSO service account as the Network Service account. To do so, you must first add the Network Service account to the SSO Administrators group and reboot the computer for the change to take effect.

ImportantImportant
While it is possible to do this, it is not a good security practice, as the Network Service account is a low privilege account.

 
Show: