RM Logo
Technical Rating: 
Support Home PageSupport
Print This PagePrint This Page
Add to 'My Library' Add to 'My Library'

Preparing your network for desktop single sign-on (SSO) with RM Unify
Published Date : 20 Jul 2015   Last Updated : 23 Dec 2016   Content Ref: TEC4668878  





Symptoms

The following local configuration is required for RM Unify desktop single sign-on (SSO):

  1. RM Unify AD Sync v3.
  2. Enable desktop SSO in RM Unify.
  3. Set the RM Unify SSO URL as your Internet browsers' landing page*.
  4. Configure Internet browsers to trust https://*.rmunify.com* - desktop SSO is only compatible with Internet Explorer and Chrome. 
  5. Configure user authentication for 'Trusted sites' *.
  6. Configure website navigation in 'Trusted sites'*.

* These settings can be achieved via GPO or your usual network management tool. Further details in each section below.



Requirements

RM Unify AD Sync v3

RM Unify AD Sync is a prerequisite for the desktop SSO feature. Please refer to DWN3182456 in the Other Useful Articles section below for instructions on how to install or upgrade your existing version.


RM Unify Management Console - SSO Setings

Set the RM Unify SSO URL

To benefit from desktop SSO, users should navigate to a specific URL based on your school's existing RM Unify scope. This will be the existing scope, appended with /sso. For example, if your school's RM Unify scope is https://school.rmunify.com then your SSO URL will be https://school.rmunify.com/sso.

Set the default landing page for your Internet browsers to be your RM Unify SSO URL. 

Depending on your network type, this could be set via GPO or your usual network management tool. If you have a CC4 network please see TEC1710358 in the Other Useful Articles section below. Otherwise, please see your usual network support provider for assistance with this.


Configure browsers to trust https://*.rmunify.com

Desktop SSO currently works with Internet Explorer and Google Chrome.
Add https://*.rmunify.com to the 'Trusted sites' zone in your Internet browsers. This will allow the browser to complete automatic login with RM Unify.

Depending on your network type, this could be set via GPO or your usual network management tool. If you have a CC4 network please see TEC4698403 in the Other Useful Articles section below. Otherwise, please see your usual network support provider for assistance with this.


Configure user authentication for 'Trusted sites'

You must ensure that the following setting is enabled within the 'Trusted sites' zone by following the steps below:

  1. Click Tools, 'Internet options'.
  2. Click the Security tab, select the 'Trusted sites' zone, click Custom level.
  3. Scroll down to find the User Authentication section.
  4. Under the Logon sub-section, click the 'Automatic logon with current user name and password' radio button.
  5. Click OK, click OK.

Depending on your network type, this setting could be made via GPO or your usual network management tool. If you have a CC4 network please see TEC4698403 in the Other Useful Articles section below. Otherwise, please see your usual network support provider for assistance with this.

Image showing the 'Automatic logon with current user name and password' radio button

Configure website navigation in 'Trusted sites'

To allow uninterrupted single sign-on, with no end user prompts, you must also ensure that the 'Trusted sites' zone has 'Websites in less privileged web content zone can navigate into this zone' set to 'Enable':

  1. Click Tools, 'Internet options'.
  2. Click the Security tab, select the 'Trusted sites' zone, click Custom level.
  3. Scroll down to find the Miscellaneous section.
  4. Under 'Websites in less privileged web content zone can navigate into this zone' heading, click Enable.
  5. Click OK, click OK.

Depending on your network type, this could also be made via GPO or your usual network management tool. If you have a CC4 network, please see TEC4698403 in the Other Useful Articles section below. Otherwise, please see your usual network support provider for assistance with this.

Image showing the Enable radio button


Possible Issues

Users are redirected to the RM Unify login page when using the SSO URL
If the user has not changed their network password since installation of AD Sync v3 we will detect this and redirect them to the RM Unify sign in page. After logging on once, the user can log off and subsequently use the SSO URL to be automatically signed into RM Unify.


Other Useful Articles

RM Unify - Using CC4 GPOs to make the browser settings required for device single sign-on (TEC4698403)
RM Unify AD Sync Service v3 (DWN3182456)

FEEDBACK
Did the information in this article help answer your question?
 Yes
 No
Please add any comments about this article in the box below. If you answered No then it is important you tell us why so that we can change the article if required. We can only respond if you log in to the RM Support website or provide your contact details. Note: If you need help with a technical query, please log a call online or telephone our support team.
Thank you for your feedback, which is sent directly to the RM Knowledge team. We address every message received with the intention of improving our Knowledge Library articles. If you have an unresolved technical issue, please contact RM Support.


If this article has not helped provide a solution then it is also possible to log a call...



Document Keywords: dsso, device


Please read - important disclaimer information.
http://www.rm.com/_RMVirtual/Includes/csredirect.asp?cref=&title=Standard Content Disclaimer


Top Of PageTop of page