Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. Single Sign-on for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Before You Enable Single Sign-on

Before You Enable Single Sign-on

Ensure the Windows network and Informatica domain gateway nodes are configured to use single sign-on.
Validate the following requirements to ensure that the Informatica domain can use single sign-on:
Verify that the required services are deployed and configured on the Windows network.
Single sign-on requires the following services:
  • Microsoft Active Directory
  • Microsoft Active Directory Federation Services 2.0
Ensure the Informatica web application services use secure HTTPS connections.
By default, AD FS requires that web application URLs use the HTTPS protocol.
Ensure that the system clocks on the AD FS host and all gateway nodes in the domain are synchronized.
The lifetime of SAML tokens issued by AD FS is set according to the AD FS host system clock. Ensure that the system clocks on the AD FS host and all gateway nodes in the domain are synchronized.
To avoid authentication issues, the lifetime of a SAML token issued by AD FS is valid if the start time or end time set in the token is within 120 seconds of a gateway node's system time.


Updated October 10, 2019