The current authentication method for CA Single Sign On is form based. If it is changed to IWA or NTLM, how would Privileged Identity Management be affected?
While having IWA or NTLM authentication in the integration has not been officially tested, PIM should not be affected by a change in the SSO authentication method. When PIM is integrated with SSO, the authentication framework is replaced with SSO. When the integration is in place, the only authentication that takes place from a PIM perspective is that it checks with SSO whether or not the user has been verified. In this instance, changing from a form-based authentication method to IWA or NTLM authentication should not change anything from a PIM perspective. It is suggested that this be tested in a lower environment before putting it into production.
For information on how PIM integrates with SSO, please see our Integration Guide.