Implementing Single Sign on for the IBM I within a Windows Active Directory environment can be accomplished without any third-party add on software. You can use IBM I EIM (Enterprise Identity Mapping) along with NAS (Network Authentication Service).
You can find a two-part video supplied by IBM.
https://mediacenter.ibm.com/media/Configure+Single+Sign-on+using+Kerberos+on+IBM+i.+Part+1+Network+Authentication+Service/1_92i8tf5u
https://mediacenter.ibm.com/media/Configure+Single+Sign-on+using+Kerberos+on+IBM+i+Part+2+-+EIM/1_st0pc9sg
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Bill and Lisa Howie
Sent: Tuesday, December 17, 2024 3:51 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Single sign-on with Okta
________________________________
CAUTION: This email originated from outside of the PENCOR network. Do not click on any links or open attachments unless the sender is known, and the content is verified as safe.
________________________________
Hello all,
I've been tasked by my boss to research the possibility of implementing single sign-on for our IBM I servers on our Windows network. Our single sign-on provider is Okta, if that helps. I'm trying to understand if simply having Okta as our provider is the only thing we need to get it set up on our IBM i. In doing a basic Google search it seems like there's a lot of places that want to sell you a third-party product to pull all this together but I'm not sure that's necessary. I'd love to hear everyone's thoughts. Thanks!
Bill
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.
midrange.com
