About Single Sign On and OpenText Core
Before you begin...
Welcome to OpenText Core Enterprise Login Single Sign On (SSO). Continue reading for details and configuration instructions.
How does Single Sign On work?
SSO allows your employees to sign on to OpenText Core using their Active Directory or LDAP credentials. Account management is also simplified: syncing your users with OpenText Core allows them to be provisioned and their lifecycle managed through your organization’s existing policies.
If you are an existing customer and your employees are already using OpenText Core, it is no problem to switch these accounts over to SSO. Once they have been synced with Core via OpenText Enterprise Directory Sync software, they will automatically be switched to SSO!
If you have contractors or temporary staff who do not have Active Directory or LDAP accounts in your organization, no problem; you can create and manage these accounts just as you do today.
How does Account Management of my workforce change?
When SSO and sync are configured, any employee who is added to the “OpenText Core Users” Active Directory Group will automatically get synced and provisioned within OpenText Core.
If an employee leaves your organization, they will be automatically deleted from OpenText Core when either of the following happens:
a) They are removed from the OpenText Core Users Group
b) They are deleted from your Active Directory/LDAP server
If the employee’s account is disabled in Active Directory/LDAP, they will automatically be assigned a “Locked” user status in OpenText Core, meaning that they cannot log in.
You should only remove an employee from the “OpenText Core Users” Active Directory Group if you intend to delete the user from your OpenText Core environment. Once deleted, there is no way of recovering the user’s files or settings.
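Because removal from the group is irreversible, it helps to preview what the next sync would do before changing group membership. The following is an added example, not OpenText code: it models the rules described above over two constructed snapshots, and the field names (`source`, `admin`, `groups`, `enabled`), action labels and user names are assumptions made for illustration.

```python
# Added example: models the sync rules this page describes. Not OpenText code.
SYNC_GROUP = "OpenText Core Users"  # group name used on this page

def plan_sync(directory, core_accounts):
    """Return {user: action} for the next sync, given both snapshots."""
    plan = {}
    for user, acct in core_accounts.items():
        entry = directory.get(user)
        in_group = entry is not None and SYNC_GROUP in entry["groups"]
        if acct["source"] == "local":
            # Standard-login accounts switch to SSO once synced; accounts
            # outside the group (contractors, fallback admin) stay manual.
            plan[user] = "switch_to_sso" if in_group else "unmanaged"
        elif not in_group:
            plan[user] = "DELETE"  # left the group or the directory: unrecoverable
        elif not entry["enabled"]:
            plan[user] = "lock"    # disabled in AD/LDAP -> "Locked" in Core
        else:
            plan[user] = "keep"
    for user, entry in directory.items():
        if user not in core_accounts and SYNC_GROUP in entry["groups"]:
            plan[user] = "provision"
    return plan

def review(plan, core_accounts):
    # Surface what an admin should confirm before the sync runs.
    deletions = sorted(u for u, a in plan.items() if a == "DELETE")
    fallback = sorted(u for u, a in plan.items()
                      if a == "unmanaged" and core_accounts[u]["admin"])
    return {"deletions": deletions, "fallback_admins": fallback,
            "needs_review": bool(deletions) or not fallback}

# Constructed sample snapshots (hypothetical users and field names).
DIRECTORY = {
    "alice": {"groups": {SYNC_GROUP}, "enabled": True},
    "bob":   {"groups": {SYNC_GROUP}, "enabled": False},  # disabled
    "carol": {"groups": {"Finance"}, "enabled": True},    # removed from group
    "erin":  {"groups": {SYNC_GROUP}, "enabled": True},   # new member
    "frank": {"groups": {SYNC_GROUP}, "enabled": True},
}
CORE = {
    "alice": {"source": "sso", "admin": False},
    "bob":   {"source": "sso", "admin": False},
    "carol": {"source": "sso", "admin": False},
    "dave":  {"source": "sso", "admin": False},    # deleted from the directory
    "frank": {"source": "local", "admin": False},  # existing standard login
    "contractor1": {"source": "local", "admin": False},
    "coreadmin":   {"source": "local", "admin": True},
}
if __name__ == "__main__":
    print(review(plan_sync(DIRECTORY, CORE), CORE))
```

An empty `fallback_admins` list means no Standard Log In admin would remain outside SSO, which is the situation the recommendations further down are meant to prevent.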
What you will need to configure SSO in OpenText Core
In order to use SSO in OpenText Core, you will need to make sure your organization has a few things in place:
- An Identity Management Provider (IdP) must be installed and configured in your organization. Currently OpenText Core officially supports Active Directory Federation Services (ADFS) 2.0/3.0, but many other Identity Management Providers may work as well.
- A Virtual Machine (VM) will need to be created within your organization’s network. This VM will run OpenText Enterprise Directory Sync software. It is responsible for querying your Active Directory or LDAP server and syncing users with OpenText Core.
- An Active Directory Security Group must be created to contain all the users in your organization who will be using OpenText Core via SSO.
Some Things to Consider…
A couple of recommendations to help you configure Single Sign On for OpenText Core:
- Engage with your IT department to make sure you have the necessary services available to set up and configure OpenText Core.
- Create a user account that is promoted to OpenText Core Admin and that will not be using Single Sign On. This ensures that if you encounter problems during the setup, or later need to change your configuration, you can access OpenText Core through the Standard Log In (as opposed to SSO/Enterprise Log In) to adjust your configuration.
- After you have created an Active Directory Security Group called “OpenText Core Users”, we recommend adding a single test account to the Group. This gives you a chance to verify that the process is working properly and to make adjustments before deploying SSO to your organization.
Karen Weir | Forum Moderator | OpenText