Remote SSO Overview

The Remote Single Sign-On (SSO) feature enables the admin to specify the URL sign-in page of an application to which you want the system to post a user's credentials, minimizing the need for users to re-enter their credentials when accessing multiple back-end applications. You may also specify additional forms values and custom headers (including cookies) to post to an application's sign-in form.

Remote SSO configuration consists of specifying Web resource policies:

Form POST policy - This type of Remote SSO policy specifies the sign-in page URL of an application to which you want to post system data and the data to post. This data can include the user's primary or secondary username and password as well as system data stored by system variables. You can also specify whether or not users can modify this information.

Headers/Cookies policy - This type of Remote SSO policy specifies resources, such as customized applications, to which you can send custom headers and cookies.

If a user's system credentials differ from those required by the back-end application, the user can alternatively access the application:

By signing in manually - The user can quickly access the back-end application by entering his credentials manually into the application's sign-in page. The user may also permanently store his credentials and other required information in the system through the Preferences page as described below, but is not required to enter information in this page.

Specifying the required credentials on Ivanti Connect Secure - The user must provide the system with his correct application credentials by setting them through the Preferences page. Once set, the user must sign out and sign back in to save his credentials. Then, the next time the user clicks the Remote SSO bookmark to sign in to the application, the system sends the updated credentials.

Use the Remote SSO feature to pass data to applications with static POST actions in their HTML forms. It is not practical to use Remote SSO with applications that employ frequently changing URL POST actions, time-based expirations, or POST actions that are generated at the time the form is generated.