Manage server settings for single sign-on

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Managing server settings for single sign-on includes specifying the appropriate administrator accounts, the single sign-on database server and server name, and time-out and audit log settings.

Note

You must open the Central Administration Web site on the computer that runs Microsoft Office SharePoint Server 2007 to manage server settings for single sign-on.

  1. On the top navigation bar, click Operations.

  2. On the Operations page, in the Security Configuration section, click Manage settings for single sign-on.

  3. On the Manage Settings for Single Sign-On page, in the Server Settings section, click Manage server settings.

  4. On the Manage Settings for Single Sign-On page, in the Account name box in the Single Sign-On Administrator Account section, type the Single Sign-On Administrator account name by using the form domain/group or domain/username.

    The Single Sign-On Administrator account specifies the set of people who can create, delete, or modify application definitions. The administrator account can also back up the encryption key.

    The user or group that you specify as the Single Sign-On Administrator must meet the following requirements:

    • Either a Windows global group or an individual user account. This account cannot be a domain local group account or a distribution list.

    • The single sign-on service account if a user is specified. If a group is specified, the single sign-on service account must be a member of that group.

    • The configuration account for single sign-on if a user is specified. If a group is specified, the configuration account for single sign-on must be a member of that group.

    • A member of the Reader SharePoint group on the SharePoint Central Administration site.

    If a group is specified, all users who are added to the group for the purpose of administering single sign-on must be members of the local Administrators group on the encryption-key server. Do not make this account a member of the local Administrators group on the encryption-key server.

  5. In the Enterprise Application Definition Administrator Account section, in the Account name box, type the account name of the group or user who can set up and manage enterprise application definitions by using the form domain/group or domain/username.

    The Enterprise Application Definition Administrator account can manage credentials of an enterprise application definition, including changing the password of a group enterprise application definition and changing or deleting credentials for an individual enterprise application definition.

    The user or group that you specify must meet the following requirements:

    • Either a Windows global group or an individual user account. This account cannot be a domain local group account or a distribution list.

    • A member of the Reader SharePoint group on the SharePoint Central Administration site.

  6. In the Database Settings section, in the Server name box, type the NetBIOS name of the single sign-on database server (for example, computer_name or computer_name\SQL_server_instance). Do not type the fully qualified domain name.

  7. In the Database name box, enter the name of the single sign-on database server.

    Note

    Unless you are pre-creating databases, it is recommended that you use the default database server and single sign-on database server.

  8. In the Time Out Settings section, in the Ticket time out (in minutes) box, type a value in minutes for how much time passes before a single sign-on ticket expires. The time-out should be long enough to last between the time that the ticket is issued and the time that the enterprise application redeems the ticket. Two minutes is the recommended starting point.

  9. In the Delete audit log records older than (in days) box, type a value in days for how long the audit log holds records before deleting them.

  10. Click OK.
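
The group requirements in step 4 can be checked in Active Directory before the account name is typed into Central Administration. The following script is an added example, not part of the original procedure or of the product. It assumes Windows PowerShell 3.0 or later with the ActiveDirectory module on a management computer; the function name Test-SsoAdminGroup and the account names are placeholders. It checks only the group type and the membership of the two accounts, not the Reader SharePoint group or local Administrators membership on the encryption-key server.

```powershell
# Added example: pre-flight check of a candidate Single Sign-On Administrator group.
# Assumes the ActiveDirectory module is installed; all account names are placeholders.
Import-Module ActiveDirectory

function Test-SsoAdminGroup {
    param(
        [Parameter(Mandatory = $true)] [string] $GroupName,          # candidate SSO administrator group
        [Parameter(Mandatory = $true)] [string] $SsoServiceAccount,  # single sign-on service account
        [Parameter(Mandatory = $true)] [string] $SsoConfigAccount    # configuration account for single sign-on
    )

    $findings = @()
    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

    # Requirement: a Windows global group, not a domain local group.
    if ($group.GroupScope -ne 'Global') {
        $findings += "Group scope is $($group.GroupScope); a global group is required."
    }

    # Requirement: not a distribution list.
    if ($group.GroupCategory -ne 'Security') {
        $findings += "Group category is $($group.GroupCategory); a distribution list cannot be used."
    }

    # Requirement: the service account and the configuration account must be members.
    # Only direct membership is checked here; nested groups are not expanded.
    $members = Get-ADGroupMember -Identity $group |
        Select-Object -ExpandProperty SamAccountName
    foreach ($account in @($SsoServiceAccount, $SsoConfigAccount)) {
        if ($members -notcontains $account) {
            $findings += "$account is not a member of $GroupName."
        }
    }

    [pscustomobject]@{
        Group     = $group.SamAccountName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Placeholder names; replace with the accounts used in your farm.
Test-SsoAdminGroup -GroupName 'SSO-Admins' `
    -SsoServiceAccount 'svc-sso' -SsoConfigAccount 'svc-ssoconfig' | Format-List
```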