If configuring Cloud Access Manager (CAM) to allow single sign on using Kerberos for users who are in separate domain/forests, with no trusts in place or only a one way trust to the domain with Cloud Access Manager services installed. Then it is necessary to ensure the account used by CAM to connect to that domain/forest has the same password as the CAM Service account. It is not necessary for the account to be named the same, simply have the same password.
This is a requirement of Microsoft Kerberos.
To enable the user's web browser to authenticate the user with Cloud Access Manager using Kerberos, the browser must first identify the service account used to run Cloud Access Manager. The user’s browser must authenticate with the Cloud Access Manager service account. This is achieved by configuring a Service Principal Name (SPN) for the service account that maps the Cloud Access Manager Proxy hostname to the Cloud Access Manager service account name.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center