Single Sign-On Authentication

Workspace can be configured to use single sign on (SSO) authentication.

You must configure the following parameters:

  • showLogoutButton - Use this parameter to specify that the Logout button not be displayed. The Logout button is not needed when using Kerberos because the session is controlled external to the application.
    • To use the Configuration Administrator to configure this parameter, see Application.
    • To configure the parameter in the config.xml file, see showLogoutButton.
  • authenticationMode - You must ensure that the authenticationMode parameter's mode attribute is set to "useSessionByDefault". This causes the application to use the current session, and prevents the Login dialog from being displayed. You must also set the authenticationMode parameter's useLDAP attribute to false.

    For information about this parameter, see Authentication Mode.

Note: Openspace and Workspace (as well as custom WCC applications) can be configured to allow dual authentication, meaning that the application concurrently supports both direct authentication and SSO authentication. When configured for dual authentication, users can log in using direct authentication, even if ActiveMatrix BPM is configured to use SSO authentication.

For additional information about dual authentication, see Dual Authentication.

For more information about using SSO in ActiveMatrix BPM, see the TIBCO ActiveMatrix BPM Single-Sign On guide.