Configuring an existing appliance for single sign-on

Important:

Single sign-on is supported when the deployment includes the Security Appliance Manager.

When you register Forcepoint appliances in the Security Manager, you can configure single sign-on. Clicking the Single Sign-On button opens a page that describes how to manage your appliance using the CLI and provides access to the Content Gateway Manager if Content Gateway is running on the appliance.

  1. From Registered Appliances, click Configure single sign-on for the appliance you want to edit.

    The Configure Appliance Single Sign-on page displays.

  2. Mark the check box Enable single sign-on from the Security Manager.
  3. Enter the administrator password for the appliance.
  4. To specify Security Manager administrators who have single sign-on permissions for this appliance, click User Permissions.
  5. To give an administrator single sign-on permissions, mark the check box next to the user name in the Available users list, and then click the right arrow (>) to add the administrator to the Users with access list.
    Note: Global Security Administrators and administrators with full appliance access are grayed out in the Users with access list because they have single sign-on access by default, and this cannot be changed.
  6. Click OK.

    The settings are saved.

An appliance can be configured for single sign-on from only one Security Manager instance. If another Security Manager instance has already registered an appliance with single sign-on, an error message appears. Select Transfer registration to transfer the single sign-on to this Security Manager instance, or select Register without Single Sign-On to register the appliance and preserve the single sign-on configuration on the other Security Manager.