Strategy ONE

Enable Single Sign-On to Library with Trusted Authentication

You can enable Single Sign-on (SSO) authentication for Strategy Library using third-party authentication provider such as IBM Tivoli Access Manager, CA SiteMinder, Oracle Access Manager, or PingFederate®.

Trusted authentication mode cannot be used in combination with any other log in mode.

Enable Trusted Authentication Mode

  1. Launch the Library Admin page by entering the following URL in your web browser

    http://<FQDN>:<port>/MicroStrategyLibrary/admin

    where <FQDN> is the Fully Qualified Domain Name of the machine hosting your Strategy Library application and <port> is the assigned port number.

  2. On the Library Web Server tab, select Trusted from the list of available Authentication Modes.

  3. Select your authentication provider from the Provider drop-down menu.

  4. Click the Create Trusted Relationship button to establish trusted communication between Library Web Server and Intelligence server.

    Ensure the Intelligence server information is entered correctly before establishing this trusted relationship.

  5. Click Save.
  6. Restart your Web Server to apply the changes.

Enable A Custom Authentication Provider

  1. Edit Library/WEB-INF/classes/auth/trusted/custom_security.properties in a text editor.

  2. Fill in LoginParam and DistinguishedName based on your setup with authentication provider.
    • LoginParam is the name of the header variable that your provider will use for authentication.
    • DistinguishedName is the name of the header variable that will supply the Distinguished Name of the user for LDAP synchronization.
  3. Restart Strategy Library to apply the changes.