Support Article
Restrict SMA access using SSO
SA-2493
Summary
Client would like to restrict System Management Application (SMA) access using Single Sign-On (SSO) via Siteminder. Can restrict the web resource URL such that Siteminder can intercept the request to /prsysmgmt and prompt for authentication. Once authenticated via Siteminder, there is no provision for external / custom authentication in SMA similar to the one PRServlet.
Resolution
The explanation for this behavior is as follows: Single Sign-On authentication can be setup completely external to the SMA using a product such as Siteminder. Basic authentication inside of SMA can then be disabled. Setting up a user database in Tomcat and connecting it to the Siteminder system can accomplish the goal of mapping specific roles (such as PegaDiagnosticUser) to specific users. This is entirely outside the scope of the SMA application though and is not documented by Pegasystems. Refer to Apache Tomcat documentation.
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.