Creating single sign-on credentials

Use the Create and Edit Single Sign-On Credentials wizard to create single sign-on shared credentials for the selected system.

About this task

Single sign-on credentials map user credentials on the selected system to specified IBM® Flex System Manager Web interface users. To create a single sign-on credential for a console access point on the selected system, complete the following steps:

Procedure

  1. In the IBM Flex System Manager Web interface navigation area, click Resource Explorer > group name > system name.
  2. Click Actions > Security > Configure Single Sign-On Credentials. The Configure Single Sign-On Credentials page is displayed.
  3. Click a remote-service console access point. The credentials associated with that access point are listed.
  4. Click Create. The Create and Edit Single Sign-On Credentials wizard is displayed.
    Notes:
    • If the Create button is disabled, all credential mappings that you have the authority to create have been created for the configured authentication registry on the selected system. A credential mapping can be created only for those Web interface users who have logged in to IBM Flex System Manager at least once. Existing credential mappings can still be edited or deleted.
    • If the Create button is unavailable, the selected console access point is on the IBM Flex System Manager. Single sign-on credentials for these access points can only be displayed. You cannot create or edit these credentials because they are automatically created when Web interface users log in to IBM Flex System Manager.
  5. From the Authentication Registry Type list, select the authentication registry type for the credential that you are creating.
    Note: If an authentication registry has already been configured for the selected console access point, the value for the authentication registry type cannot be changed. It is set to the previously configured authentication registry type for the access point.

    The three authentication registry types are as follows:

    Local OS
        Authenticates user login requests with the local operating system of the target system. The target system must have a corresponding user account in the operating-system registry.
    LDAP
        Authenticates user login requests with a Lightweight Directory Access Protocol (LDAP) server. Ensure that the LDAP server is configured in your environment and available to the target system.
    Domain
        Authenticates user login requests with a specific domain server. Ensure that the domain server is configured in your environment and available to the target system.
  6. Enter the appropriate user ID and password for the system. If you are creating a credential for a resource that has defined a specific user ID that must be used when authenticating, you cannot change the value in the User ID field.
  7. Click Next. The "Assign to IBM Flex System Manager User" page is displayed.
    Note: This page lists only Web interface users who have logged in to IBM Flex System Manager. These users must log in at least once before a credential mapping can be created.
  8. Select the IBM Flex System Manager Web interface user for whom the single sign-on credential is being created. You can use the current user or choose another user from the table.
    Remember: Only one mapping can be created for each of the users on this page.
  9. Click Next. The Summary page is displayed.
  10. Click Finish. The credentials are automatically used to authenticate to the selected console access point on the system.

What to do next

Repeat the credential creation process for other console access points you plan to access.