Integrating SSO with Microsoft Active directory

Document ID : KB000098912
Last Modified Date : 05/06/2018
Show Technical Document Details
Question:
I'd like to know how to integrate CA Single Sign-On with Microsoft Active Directory.
Answer:
At first glance, how-to and integration request should be addressed to
CA Services. We invite you to do it now.

  CA Services
  https://www.ca.com/us/services-support/ca-services.html?intcmp=headernav

  Contact CA Services
  https://www.ca.com/us/contact/services.html

But we can give you some paths to start your integration.

Usually, we use Active Directory as User Store. Here is the
documentation on how to configure it.

From our documentation, 

  Configure an Active Directory User Store Connection
  https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/policy-server-configuration/user-directories/configure-an-active-directory-user-store-connection

  Configure an Active Directory Global Catalog User Directory Connection
  https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/policy-server-configuration/user-directories/configure-an-active-directory-global-catalog-user-directory-connection

  Configure Active Directory as a Policy Store
  https://docops.ca.com/ca-single-sign-on/12-8/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-active-directory-as-a-policy-store

You can take a look at the Password Management integration with Active Directory here :

  Tech Tip : CA Single Sign-On : Siteminder password Management
  https://communities.ca.com/message/242114748-tech-tip-ca-single-sign-on-siteminder-password-management

  Siteminder password Management
  https://comm.support.ca.com/kb/siteminder-password-management/KB000096310

and some known issues :

  Tech Tip : CA Single Sign-On : Policy Server authenticate user in Active Directory even if the User must change its password. No redirection happens.
  https://communities.ca.com/message/241991055-tech-tip-ca-single-sign-on-policy-server-authenticate-user-in-active-directory-even-if-the-user-must-change-its-password-no-redirection-happens

  Policy Server authenticate user in Active Directory even if the User must change its password. No redirection happens.
  https://comm.support.ca.com/kb/policy-server-authenticate-user-in-active-directory-even-if-the-user-must-change-its-password-no-redirection-happens/kb000007349

  Tech Tip : CA Single Sign-On : Cannot configure an AD Namespace in AdminUI
  https://communities.ca.com/message/242112934-tech-tip-ca-single-sign-on-cannot-configure-an-ad-namespace-in-adminui

  Cannot configure an AD Namespace in AdminUI
  https://comm.support.ca.com/kb/cannot-configure-an-ad-namespace-in-adminui/KB000091884