After you have registered an Active Directory domain, you can configure True SSO on it.


Before configuring True SSO, you must first have at least one Identity Manager configured. See Identity Management.


  1. In the Administration console, select Settings > Active Directory.
  2. Click the Download Pairing Token link under True SSO Configuration.
    The pairing_bundle.7z file downloads to your Downloads folder.
  3. Unzip the two certificate template files from the bundle.
    Note the location of the files. You will need these when configuring the Enrollment Server in the last phase in the infrastructure setup.
  4. Set up the required infrastructure as described in Infrastructure Setup for True SSO.
  5. On the Active Directory page in the Administration console, click Add next to True SSO Configuration.

    The True SSO Config dialog displays.

    Note: Because you already downloaded the pairing token on the Active Directory page, you can ignore the Download Pairing Token link in this dialog.
  6. Enter the name of your enrollment server in the Primary Enrollment Server field and click the Test Pairing button next to the field.
    The other required fields are auto-populated.
  7. Click Save
  8. To configure a Secondary Enrollment Server for high-availability, do the following.
    1. Repeat the process described in Set up the Enrollment Server on a second machine.
    2. Edit the True SSO configuration and add the second ES address in the Secondary Enrollment Server field, and then test the pairing.
    3. Save the configuration again.


The configuration information now appears on the Active Directory page under True SSO Configuration.