How to Manage User Mappings for Host Initiated SSO

Use the following procedures to create mappings, set credentials, and enable or disable mapping.

On the Start menu, click All Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.
In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.
In the scope pane, click Affiliate Applications.
In the details pane, right-click the affiliate application, and then choose the appropriate menu item for your action.

On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage –createmappings <mapping file>, where mapping file> is the name of the xml file.

Note

On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

A sample mapping file is shown below:
```
<SSO>  
  <mapping>  
    <windowsDomain>DomainName</windowsDomain>  
    <windowsUserId>UserA</windowsUserId>  
    <externalApplication>SSOApplication</externalApplication>  
<externalUserId>ExternalUserID that corresponds to UserA</externalUserId>  
  </mapping>  
</SSO>  
```
When the Validate Password feature is enabled for the affiliate application, it is necessary to set credentials, as follows:

On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage -setcredentials <Windows account name> <application name>.

Note

On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage -setcredentials <external account name> <application name>.

Note

On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage -enablemapping <Windows account name> <application name>.

Note

On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage -disablemapping <Windows account name> <application name>.

Note

On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage -enablemapping <external account name> <application name>.

Note

On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

On the Start menu, click Run.
In the Run dialog box, type cmd, and then click OK.
At the command line, go to the Enterprise Single Sign-On installation directory. The default is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage -disablemapping <external account name> <application name>.

Note

On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

See Also