8.7 Configuring Self Service Password Reset for Single Sign-On Clients

Self Service Password Reset can integrate with different systems to provide a single sign-on (SSO) experience for your users. Self Service Password Reset supports basic authentication (basic auth), HTTP SSO, and OAuth.

8.7.1 Configuring Basic Authentication for Single Sign-On

Self Service Password Reset allows you to use HTTP basic authentication for a single sign-on experience for your users. By default, Self Service Password Reset uses basic authentication.

To configure basic authentication:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Single Sign On (SSO) Client > Basic Authentication.

  5. Use the help to configure the settings for basic authentication.

  6. In the toolbar, click Save changes.

8.7.2 Configure HTTP for Single Sign-On

Self Service Password Reset allows you to create a single sign-on experience using an HTTP header. Self Service Password Reset uses the HTTP header to automatically log users into an application with a user name only.

To configure the HTTP header for single sign-on:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Single Sign On (SSO) Client > HTTP SSO.

  5. Use the help to configure single sign-on for your users.

  6. In the toolbar, click Save changes.

8.7.3 Configuring OAuth Single Sign-On

Self Service Password Reset allows you to create a single sign-on experience for your users using OAuth. You must have a basic understanding of OAuth to complete the configuration because you must obtain OAuth-specific information from the application to complete the configuration. For more information, see https://oauth.net/2/.

You must gather the following information from the OAuth Identity Server of your application before you can complete the configuration:

  • URL for the OAuth login

  • OAuth code resolve service URL

  • OAuth profile service URL

  • OAuth web server certificate

  • OAuth client ID

  • OAuth shared secret

  • Attribute you want the OAuth server to use to identify the user names

Use the information you gathered to create an OAuth single sign-on experience for your users:

To configure OAuth SSO:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Single Sign On (SSO) Client > OAuth.

  5. Use the information you gathered and help to configure OAuth for your users.

  6. In the toolbar, click Save changes.