12.3 Enabling Single Sign-on with ESM

You must configure ESM to use OSP Client Only Authentication. If your ESM environment currently uses an external SAML 2 client authentication, you must delegate the Fusion SSO provider to connect to the SAML client. If you do not use SAML 2 authentication, you will need to configure SMTP settings for Fusion to support forgotten password activity.

This procedure assumes that you have already installed or upgraded ESM.

  1. Change the authentication settings for the ESM Manager service:

    1. On the ESM server, start the configuration wizard by entering the following command from the /opt/arcsight/manager/bin/ directory:

      arcsight managersetup -i console

    2. Advance through the wizard until you reach the authentication settings.

    3. Select OSP Client Only Authentication, then click Next.

    4. To specify the host and port for the OSP server, use the following format:

      domain_name:port

    5. To specify the host and port for the ArcSight Command Center, use the following format:

      domain_name:port

      Typically, the host and port are the same as those for the ArcSight Manager.

    6. Specify a Tenant Name for OSP. The default value is default.

    7. Click Next until you complete your changes in the wizard.

    8. Restart the ESM Manager service using the following commands:

      /etc/init.d/arcsight_services stop manager
      /etc/init.d/arcsight_services start manager

  2. Change the authentication settings for the ArcSight Console (Console):

    1. From the Console’s /bin directory, enter one of the following commands:

      On Windows: arcsight.bat consolesetup

      On Linux: ./arcsight consolesetup

    2. Advance through the wizard until you reach the authentication settings.

    3. Select OSP Client Only Authentication.

    4. Click Next until you complete your changes in the wizard.

  3. Configure the SSO settings in the CDF Management Portal:

    1. Connect to the Portal:

      https://Fusion_server:5443

    2. Log in with the credentials of the administrative user that you provided during installation.

    3. Select ANALYTICS.

    4. Under Single Sign-on Configuration, specify the Client ID and Client Secret.

    5. Under ArcSight ESM Host Configuration, verify the settings for the ESM host and port that were specified during deployment.

  4. (Conditional) To use an external SAML 2 authentication method, continue to Integrating Fusion Single Sign-On with an External SAML 2 Identity Provider.

  5. (Conditional) If you do not use an external SAML 2 authentication method, ensure that users can receive email notifications to change their Fusion password. Continue to Connecting to an SMTP Server.