Using SSO with the CA Agile Central Excel add-in

Document ID : KB000047747
Last Modified Date : 14/02/2018


Configuration information for SSO and Excel with CA Agile Central


How do I configure the CA Agile Central Excel add-in to work with SSO (Single Sign On)?


CA Agile Central follows the SAML specification for SSO authentication. This specification requires that a value called the RelayState be passed among the participants in an SSO authentication handshake. The RelayState specifies the final destination that the user wants to visit after being authenticated and is always a URL of some kind. All SAML SSO providers allow the user to set this value. Usually this is done by appending an additional URL parameter to the normal SSO connection URL. Be aware that different SSO providers use different parameter names to set this value.

In order to connect to CA Agile Central using SSO, you must provide an SSO URL that will set the SAML RelayState to the following URL value:


The normal SSO URL in CA Agile Central's internal environment looks like this:

    • To access your subscription's SSO URL, while logged in as a Subscription Administrator, click the Setup button on the top right, then click the Subscription tab. In the Authentication option, you will see your Identity Provider URL. You MUST use the entire URL, not just the endpoint at the end of the URL.

A complete Excel SSO URL in CA Agile Central's internal environment looks like this:


As you can see, in CA Agile Central's internal environment we use a URL parameter named "TargetResource" to set the RelayState. In other environments that we have tested, the SAML RelayState is set using "RelayState" or "Target". Your environment may use one of these parameter names or something completely different.


  1. Use of SSO in the Excel add-in is not supported for On-Premises users.
  2. If your Subscription Administrator or IT team has further modified the SSO URL and appended additional actions, for example, OnFail=, this will need to be removed from the SSO URL before adding the &TargetResource= portion of the URL.
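
The steps above (take the entire Identity Provider URL, remove appended actions such as OnFail=, then append the RelayState parameter) are shown here as an added example; it is not CA code. The hosts and paths in the comments are constructed placeholders, and the function name, the https-only check and the percent-encoding of the RelayState value are assumptions of this sketch.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


def build_excel_sso_url(idp_url, relay_state, relay_param="TargetResource",
                        strip_params=("OnFail",)):
    """Return idp_url with extra actions removed and the RelayState appended.

    idp_url      -- the entire Identity Provider URL from the Subscription tab
    relay_state  -- the destination URL the RelayState must carry
    relay_param  -- parameter name your SSO provider uses to set the RelayState
                    (the article mentions TargetResource, RelayState and Target)
    strip_params -- appended actions to remove first (note 2 names OnFail)
    """
    # Assumption: both values must be absolute https URLs. A RelayState is a
    # post-login redirect target, so a relative or non-https value is rejected.
    for label, value in (("idp_url", idp_url), ("relay_state", relay_state)):
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{label} must be an absolute https URL: {value!r}")

    idp = urlsplit(idp_url)

    # Drop the extra actions, plus any existing copy of the relay parameter so
    # the final URL carries exactly one RelayState value.
    drop = {name.lower() for name in strip_params} | {relay_param.lower()}
    kept = [(key, val)
            for key, val in parse_qsl(idp.query, keep_blank_values=True)
            if key.lower() not in drop]

    # urlencode percent-encodes the RelayState so that any '&' or '?' inside
    # it cannot be read as a separate parameter of the SSO URL.
    kept.append((relay_param, relay_state))
    return urlunsplit((idp.scheme, idp.netloc, idp.path, urlencode(kept), ""))


if __name__ == "__main__":
    # Constructed sample values; substitute your own Identity Provider URL and
    # the RelayState URL given in the article.
    print(build_excel_sso_url(
        "https://sso.example.invalid/sp/start"
        "?PartnerIdpId=idp.example.invalid&OnFail=https://help.example.invalid/fail",
        "https://app.example.invalid/landing",
    ))
```

If your provider expects the RelayState value unencoded, compare the output with a URL known to work in your environment before distributing it.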