Microsoft Single Sign-On Service (v 1.0)

If you already have the Microsoft Office SharePoint Server (MOSS) Single Sign-on (SSO) Service running in your environment, you may skip the section immediately below and move on to "Steps to Configure a SSO Application for Confluence". However, you may want to review the steps to ensure your existing configuration will be compatible regarding domain accounts and general access/permissions.

Note: These steps come directly from the Microsoft TechNet documentation (see link for "Start the Single Sign-on Service" below).

Steps to Configure the MOSS SSO Service

  1. From Administrative Tools, click Services.
  2. Double-click Microsoft Single Sign-On Service.
  3. On the Log On tab of the Single Sign-On Service Properties page, click This account, and then type the domain, user name, and password that you have used to install and manage your server.

    This account should be the same account used for the SharePoint application pool associated with the SharePoint site that will use the Single Sign-on Service. The account must be assigned to the dbcreator and securityadmin SQL Server roles on the SQL Server that will host the SSO database. See Dave Wollerman's SharePoint Blog.

  4. Click Apply.
  5. On the General tab of the Single Sign-On Service Properties page, change the startup type to Automatic, click Start, and then click OK.

Steps to Configure the MOSS SSO Service Settings

Note: These steps come directly from the Microsoft TechNet documentation (see Manage Settings for Single Sign-on).

Please log in as the account used in step 3 of the "Steps to Configure the MOSS SSO Service" above. This account will be used to create the SSO database.
Note: This user will require SQL Server role assignments for dbcreator and securityadmin to be able to create the SSO database.

  1. From Administrative Tools, open the SharePoint Central Administration Web application.
  2. On the Central Administration home page, click Operations.
  3. In the Security Configuration section, click Manage settings for single sign-on.
  4. On the Manage Settings for Single Sign-On page, click Manage server settings.
  5. In the Account Name box for the SSO Administrator account, type the same domain and user name that you used to configure the Single Sign-On service. If the user name you used to configure the Single Sign-On service is a member of a Windows security group, you can type the name of the Windows security group instead of a user name.
  6. In the Enterprise Application Definition Administrator Account box, type the same domain and user name that you used to configure the Single Sign-On service.
  7. In the Server name box, type the SQL Server instance name (netbios\instance naming convention) to use for the Single Sign-on database.
  8. In the Database name box, type the name for the Single Sign-on database (Example: SSO).
  9. In the Ticket time out and Delete audit log records older than (in days) boxes, leave the default values (recommended).
  10. Click OK.

    SharePoint Farm

    Here are some additional considerations for configuring the SSO service in a SharePoint web farm.

    • Make sure the SSO service is running as the correct domain service account (this must be consistent across Web Front End "WFE" servers in the farm).
    • Make sure the Single Sign-On "Service Account" (in "Central Administration | Operations | Service Accounts") is set to the same domain account used to actually run the SSO service.

    At this point you should have a running instance of the Microsoft SharePoint Single Sign-On service. This includes a new database for securely storing SSO user credentials. The next step is to configure an SSO application for Confluence. Please see Steps to Configure a SSO Application for Confluence.
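
One way to check the result of the steps above from PowerShell (an added example, not part of the TechNet steps or of this page's original content). The account, server names and SQL instance are placeholders, and the service is located by the display name given in step 2; it confirms the log-on account is consistent across WFE servers and that the account holds both SQL Server roles.

```powershell
# Added verification sketch. All three values below are placeholders.
$Account     = 'DOMAIN\sso-service'   # account typed on the Log On tab (step 3)
$WfeServers  = @('WFE01', 'WFE02')    # Web Front End servers in the farm
$SqlInstance = 'SQLHOST\INSTANCE'     # netbios\instance that hosts the SSO database

function Test-SsoService([string]$Server, [string]$Expected) {
    # Located by the display name shown in the Services console (step 2).
    $svc = Get-WmiObject -Class Win32_Service -ComputerName $Server `
        -Filter "DisplayName='Microsoft Single Sign-On Service'"
    if (-not $svc) { return "$Server : service not found" }
    $problems = @()
    # StartName may be reported as DOMAIN\user or user@domain; use the form you entered.
    if ($svc.StartName -ne $Expected) { $problems += "runs as '$($svc.StartName)'" }
    if ($svc.StartMode -ne 'Auto')    { $problems += "startup type is $($svc.StartMode)" }
    if ($svc.State -ne 'Running')     { $problems += "state is $($svc.State)" }
    if ($problems.Count -eq 0) { return "$Server : OK" }
    return "$Server : " + ($problems -join '; ')
}

function Test-SqlRole([string]$Instance, [string]$Login) {
    # Connects with the current Windows identity (integrated authentication).
    $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$Instance;Integrated Security=SSPI")
    $conn.Open()
    try {
        foreach ($role in 'dbcreator', 'securityadmin') {
            $cmd = $conn.CreateCommand()
            $cmd.CommandText = 'SELECT IS_SRVROLEMEMBER(@role, @login)'
            [void]$cmd.Parameters.AddWithValue('@role', $role)
            [void]$cmd.Parameters.AddWithValue('@login', $Login)
            $r = $cmd.ExecuteScalar()
            # NULL = unknown login or role, or the caller may not view role membership
            if ($r -is [System.DBNull]) { "$role : could not be determined" }
            elseif ($r -eq 1)           { "$role : OK" }
            else                        { "$role : NOT assigned to $Login" }
        }
    } finally { $conn.Close() }
}

# Every WFE should report OK with the same account; both roles should report OK.
$WfeServers | ForEach-Object { Test-SsoService $_ $Account }
Test-SqlRole $SqlInstance $Account
```

Run it from an account that can query WMI on each WFE server and log in to the SQL Server instance.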

Steps to Configure a SSO Application for Confluence

  1. From Administrative Tools, open the SharePoint Central Administration Web application.
  2. On the Central Administration home page, click Operations.
  3. In the Security Configuration section, click Manage settings for single sign-on.
  4. On the Manage Settings for Single Sign-On page, click Manage settings for enterprise application definitions.
  5. Click New Item and set the following properties:
    1. Display Name: Confluence
    2. Application Name: Confluence
    3. Contact e-mail address: (Example: sample.administrator@csi.local)
    4. Account type: Individual
    5. Authentication type: leave "Windows authentication" unchecked.
    6. Leave default "Username" and "Password" in place.
  6. Click OK.

    Please proceed to SharePoint Feature Configuration to enable SSO functionality.