Cloud single sign-on Cloud single sign-on (SSO) is the Web Gateway service that allows end users in your organization to access cloud services and applications after providing credentials one time. The SSO service is implemented by the Single Sign On module. In the context of cloud single sign-on, unless otherwise noted, the following terms are used as described here: The term Service Provider refers to the organization that provides the cloud service or application. The terms cloud service and cloud application are used interchangeably. The term user refers to the end user in your organization who seeks access to cloud services and applications. Using the launchpad provided by Web Gateway, users submit credentials, open applications, and manage their accounts in the applications. The term user interface refers to the Web Gateway user interface where administrators configure the SSO service. The term custom connector refers to any cloud connector configured from a template. Web Gateway provides a range of connector templates. Some templates come with most, but not all, configuration built in. Other templates allow you to build cloud connectors from scratch. How cloud single sign-on is configured To configure SSO access to cloud services and applications, complete the following high-level tasks. Considerations when exporting and importing the SSO rule set The SSO rule set export and import does not include the SSO credentials required for accessing HTTP cloud applications or the Service IDs of custom connectors. SSO process in proxy and non-proxy modes The steps in the SSO process depend on whether the user's credentials are submitted to the cloud application directly (non-proxy mode) or through Web Gateway (proxy or inline mode). Supported authentication methodsGenerally, each cloud service or application uses one authentication method to log on end users. SSO Catalog of supported cloud services The SSO Catalog consists of all cloud applications and services supported by Web Gateway with cloud connectors. SSO Connector lists Web Gateway uses SSO Connector lists to control access to cloud services and applications. Providing SSO services for HTTP cloud applicationsWeb Gateway supports many cloud services and applications that use HTTP authentication to log on end users with predefined cloud connectors or individual cloud connector templates. Providing SSO services for SAML 2.0 cloud applicationsWeb Gateway supports cloud services and applications that use SAML 2.0 authentication to log on end users by providing cloud connector templates. SAML authentication using an external Identity ProviderTo support organizations that want users to authenticate using a trusted, external Identity Provider, Web Gateway performs the SAML Service Provider role. Providing SSO services for .NET and Java web applicationsUsing the Single Sign On rule set and the generic IceToken cloud connector template, you can configure single sign-on to any .NET or Java web application. Use this option when Web Gateway does not support the web application with a predefined connector or connector template. How the end user works with the application launchpad Using the application launchpad, the end user can open applications and select and manage application accounts. Customizing the application launchpad In the Web Gateway interface, you can specify a name and description for your organization, customize the look of the text, and import images of your organization and product logos. You can also customize the header, footer, and sidebar that frame the launchpad. Creating bookmarks to cloud services for your organization You can create bookmarks to cloud services or applications for users across your organization. Monitoring logons to cloud services on the dashboard On the dashboard in the user interface, you can view statistics about the number of logons to all cloud applications and services. Single Sign On rule set summaryYou configure and manage single sign-on through the Single Sign On rule set as well as related lists and settings. Single Sign On rule set reference Using the nested rule sets that come with the Single Sign On rule set, you can configure SSO access to cloud services and applications for end users in your organization. SSO logging overview The SSO Log rule set generates the SSO access log, and optionally the SSO trace log, from information about SSO requests that the proxy stores in the SSO.LogAttributes property. Resolving SSO issues See the following table for SSO issues and ways to resolve them.