If you are a Server administrator, you can enable SSO for other administrator account including yours. After you enable SSO, inSync disables passwords for all other administrators, except the administrator who enabled SSO and the legal administrators. The administrator who enabled SSO, by default, becomes the fail-safe administrator.
- If you enabled SSO for administrators, you can either use your inSync password or SSO for accessing inSync Master Management Console. This functions as a fail-safe mechanism to avoid permanent lock-out of administrators in some scenarios, for example, the IdP configuration changes before updating the inSync configuration.
- inSync password for legal administrators is not disabled, in order to allow them access to legal hold data using WebDAV. WebDAV does not support SSO login mechanism.
- Access to WebDAV for all other administrators is also disabled, as their inSync password is disabled.
What you should know about enabling SSO for administrators
- You can enable SSO for administrators if you are using the Private Cloud Elite or Private Cloud Enterprise edition of inSync.
- SSO is available optionally; you can enable SSO for your administrators even if you did not use SSO before. Similarly, you can stop using SSO access at any time.
- If you enabled SSO for users, SSO access for administrators who are inSync users is enabled by default.
- Enabling SSO ensures that the password policy for inSync is aligned with your organization's policy.
- To enable SSO for administrators, you must be a Server administrator. An enable operation results in the inSync password of other administrators except yours and legal administrators getting disabled. Other administrators receive email notifications. However, you can continue to access inSync Master Management Console using SSO, as well as your inSync password. The twin access prevents a lockout scenario. For example, if you change your IdP settings before changing the inSync configuration, SSO access is disabled for all administrators, resulting in a complete inability to access inSync Master Management Console. In scenarios such as these, you can log on with your inSync password, and update the inSync configuration accordingly.
- Any server administrator can become the fail-safe administrator. For more information, see Change a fail-safe administrator.
- However, if you want to, you can explicitly disable access using the inSync password (provided that you enabled SSO for all administrator accounts). For more information, see Disable password for administrator who enabled SSO.
Note: We strongly recommend that you DO NOT disable access using inSync password for the Server administrator account that enabled SSO for administrators.
To enable SSO for administrators
- On the inSync Master Management Console menu bar, click > Settings.
- Click the Single Sign-On tab and under inSync Configuration, click Edit. The Single Sign-On Settings window appears.
- Select the Enable single sign-on for administrators check box.
- Click Save.