Configuring Single Sign-On
With Enterprise SSO, users can sign in to TIBCO Control Plane by using a Single Sign-on with a corporate account. You must not set up new login credentials specific to TIBCO Control Plane. Instead, users in your organization can easily log in to TIBCO Control Plane with their organization credentials through custom IdP (identity provider). User authentication follows your organization security policies.
- Your organization must have an IdP that is compliant with the SAML 2.0 web browser SSO profile.
- You must have IdP Manager permission in the TIBCO Control Plane. For more information, see Permissions.
- Procedure
-
Go to User Management > Configure SSO and click Request access.
-
In the Request permission to enable Sign in with Corporate account dialog, enter all the necessary information and click Send.
An email is sent to the TIBCO Support team. The TIBCO Support team then contacts you with further questions and instructions to set up your IdP. After TIBCO and your IT department have configured and enabled services on both sides to authenticate users, all newly invited users in the organization are authenticated by your IdP instead of setting up passwords at TIBCO Accounts.
Additional Information
-
As part of the IdP configuration questionnaire, the IdP manager must provide a fixed number of groups from their IdP.
-
If the IdP manager has to delete any of these groups after they are configured in TIBCO Control Plane, they must send a request to TIBCO Support.
-
If such a group has attached permissions, deleting the group deletes the attached permissions automatically. TIBCO Support lets the IdP manager know about the attached permissions and get confirmation from IdP manager.
-
The permissions for users who are part of the deleted group are automatically revoked.