Considerations when exporting and importing the SSO rule set
The export and import of the SSO rule set do not include the SSO credentials required for accessing HTTP cloud applications or the Service IDs of custom connectors.
SSO credentials (HTTP applications)
The SSO rule set is stored in the policy database. Importing the rule set updates the SSO policy. When you export or import the SSO rule set, the following information is included:
- All configured cloud connectors
- All configured connector lists
- All configured X.509 certificates and private key pairs
SSO credentials, which are required for accessing HTTP cloud applications and services, are stored in a separate database and are not part of the SSO policy. These credentials are not included in the export or import and must be re-created after the SSO rule set is imported.
When you back up the appliance configuration, you can include the SSO credentials in the backup. In this case, restoring the backup also restores the credentials.
Service IDs (custom connectors)
The Single Sign On module assigns numeric Service IDs to custom connectors at the time they are created from templates. These Service IDs are not included in the export of the SSO rule set. When the rule set is imported later, new Service IDs are assigned to the custom connectors.
After importing the SSO rule set, you must update any Service IDs that are used to reference custom connectors, as follows:
- In the SSO Host to Service ID Mapping list, update the Key values to match the new Service IDs.
- Some Service Providers, such as Gmail, include the Service ID in the SSO configuration. For these Service Providers, log on to your account and update the Service ID.
NOTE: Failure to update the Service IDs after importing the SSO rule set can break custom connectors and links to cloud services and applications.