Users Guide

10 Configuring CMC For Single Sign-On Or Smart Card Login
This section describes how to configure CMC for Smart Card login and Single Sign-On (SSO) login
for Active Directory users.
Starting with CMC version 2.10, CMC supports Kerberos-based Active Directory authentication to support
Smart Card and SSO logins.
SSO uses Kerberos as an authentication method, allowing users who have signed in to the domain to
sign on automatically (single sign-on) to subsequent applications such as Exchange. For single sign-on login,
CMC uses the client system’s credentials, which are cached by the operating system after you log in
using a valid Active Directory account.
Two-factor authentication provides a higher level of security by requiring users to have a password or
PIN and a physical card containing a private key or digital certificate. Kerberos uses this two-factor
authentication mechanism, allowing systems to prove their authenticity.
NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces,
for example, SSH. You must set other policy attributes for other login interfaces as well. If you want
to disable all other login interfaces, navigate to the Services page and disable all (or some) login
interfaces.
Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows
Server 2008 can use Kerberos as the authentication mechanism for SSO and smart card login.
For information on Kerberos, see the Microsoft website.
Related Links
System Requirements
Prerequisites For Single Sign-On Or Smart Card Login
Configuring CMC SSO Or Smart Card Login For Active Directory Users
System Requirements
To use Kerberos authentication, the network must include:
DNS server
Microsoft Active Directory Server