Configure the Microsoft Single Sign-On Service

SharePoint 2007

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2008-01-03

To use single sign-on, the Microsoft single sign-on (SSO) service must be installed on all Web servers that run the Windows operating system. The SSO service must also be installed on all servers running Excel Services. If the Business Data Catalog search is used, the SSO service must also be installed on the index server.

The SSO service is configured by using the Services console. When configuring the service, a logon account is required. The logon account must be the following:

  • A domain user account (not a group account).

  • A SharePoint server farm account.

  • A member of the local Administrators group on the encryption-key server (the encryption-key server is the first server on which you start the SSO service).

  • A member of the Security Administrators group and DB creator group on the computer running Microsoft SQL Server.

  • Either the same as the single sign-on administrator account or a member of the group account that is the single sign-on administrator account.