Authentication in Focal Point®
Administrators can select the authentication method in the Authentication attribute of each user on the Manage Users page. To open the Manage Users page, click Users > Manage Users. Focal Point® supports four methods for user authentication: Standard, IBM Rational Directory Server, Web Single Sign-On (SSO) and SAML 2.0 Single Sign-On.
Note: The Rational Directory Server and Web Single Sign-On methods are available only if they are enabled through SQL commands in the SQL interface.
 
| Method | Description |
| --- | --- |
| Standard | Focal Point® authenticates users. This is the default authentication method. |
| Rational Directory Server | Rational Directory Server authenticates users. If a user is not listed in Focal Point®, but the credentials are valid in Rational Directory Server, the user is added to the product automatically. Rational Directory Server supports SSO with other Rational applications. Rational Directory Server users log on by using a token, which can be either in a cookie or in the URL as a parameter. If Rational Directory Server validates the token, the user is automatically logged on to Focal Point®. If no token exists, the user is directed to the Login page. This feature is available when Rational Directory Server is enabled and cannot be disabled separately. |
| Web SSO | A proxy application authenticates users. The user can log on after the proxy adds parameters to the HTTP request that provide the information required to log on. |
| SAML 2.0 Single Sign-On | A single sign-on authentication mechanism based on the SAML 2.0 protocol, which integrates Focal Point® with an Identity Provider. After the Identity Provider handles the login, the user's identity is transferred to Focal Point® through a digitally signed XML document. |
Each user, including administrators, can have only one authentication method selected, but both Rational Directory Server and Web SSO can be activated for an installation. You might want to activate both methods so that regular users can authenticate by using Web SSO and administrators can authenticate by using Rational Directory Server. In this scenario, administrators can use Rational Directory Server to add and manage users, and regular users can log on to the product automatically.
To add users in Rational Directory Server, administrators must have the Authentication attribute set to Rational Directory Server. Administrators who have the Authentication attribute set to Web Single Sign-On or Standard can add users to Focal Point® only.
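Because Web SSO logs a user on from parameters that the proxy adds to the HTTP request, those parameters are only meaningful when they really came from the proxy. The following check is an added example, not Focal Point® code: it accepts a proxy-asserted user name only when the direct network peer is a configured proxy and the parameter is present exactly once. The parameter name `X-SSO-User` and the proxy address are assumptions made for the illustration.

```python
import ipaddress

# Assumptions for this sketch (neither value comes from the product documentation):
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.5.10/32")]  # constructed proxy address
USER_PARAM = "X-SSO-User"                                  # hypothetical parameter name


def peer_is_trusted_proxy(peer_addr, trusted=TRUSTED_PROXIES):
    """True only if the direct TCP peer is one of the configured proxies."""
    try:
        addr = ipaddress.ip_address(peer_addr)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def resolve_web_sso_user(peer_addr, headers):
    """Return the proxy-asserted user name, or None to fall back to the login page.

    headers is a list of (name, value) pairs exactly as received, so that a
    repeated parameter stays visible instead of being silently merged.
    """
    if not peer_is_trusted_proxy(peer_addr):
        # A client that reaches the application directly can set any header
        # it likes, so identity parameters from other peers are ignored.
        return None
    values = [v.strip() for n, v in headers if n.lower() == USER_PARAM.lower()]
    if len(values) != 1 or not values[0]:
        return None  # missing, empty or duplicated: ambiguous, so refuse
    if any(c in values[0] for c in "\r\n\x00,"):
        return None  # control characters or a comma-folded duplicate
    return values[0]
```

The same rule applies on the proxy side: it should remove any client-supplied copy of the parameter before adding its own.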
See
Authenticating by using Rational Directory Server
Authenticating by using Web Single Sign-On
Authenticating by using SAML 2.0 Single Sign-On
Enabling HTTPS
Enabling access to the ping servlet
Security settings
Administering Focal Point®