When should Identity Manager and Single Sign On be tightly integrated?

Document ID : KB000108069
Last Modified Date : 30/07/2018
Show Technical Document Details
Introduction:
Integrating CA Identity Manager and CA Single Sign On is a complex process with many manual steps and processes that can be tricky to implement and maintain. Before deciding on this particular configuration, analyze your business requirements and see if this integration is truly necessary.
Question:
What functionality is gained by integrating CA Identity Manager and CA Single Sign On?
Environment:
CA Identity Manager 14.x
CA Single Sign On 12.x
Answer:
If all you want/need is for SSO to protect the CA Identity Manager resources, you can choose to loosely integrate the two products, by turning off IM's FrameworkAuthScheme and protecting the /iam/IM* resources as you would any other URL resource in SSO. You can see more details on this here:

https://communities.ca.com/thread/99851321

By doing this you lose these functionalities:
 
Auth/Az mapping for login: https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/configure-an-environment-to-use-different-directories-for-authentication-and-authorization/
 
Access Roles in SMPS:https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/access-roles
Password Policies that leverage SSO's password featureshttps://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/ca-identity-manager-and-ca-siteminder-integration-password-criteria
 
Using Identity Manager’s password services page for resources protected by SiteMinder domain that is linked to an IMEhttps://docops.ca.com/ca-identity-manager/14-2/EN/user-console-help/password-policies/password-policies-overview
Collect User Credentials Using an SSO Custom Authentication Scheme (certificate based auth, RSA, multiple factor (AA based), etc.)
 
https://docops.ca.com/ca-identity-manager/14-2/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/collect-user-credentials-using-a-custom-authentication-scheme