Before enabling single sign-on (SSO) for a StorageGRID system, review the requirements in this section.
The identity provider (IdP) for SSO must meet the following requirements:
StorageGRID uses a Management Interface Server Certificate on each Admin Node to secure access to the Grid Manager, the Tenant Manager, the Grid Management API, and the Tenant Management API. When you configure SSO relying party trusts for StorageGRID in AD FS, you use the server certificate as the signature certificate for StorageGRID requests to AD FS.
If you have not already installed a custom server certificate for the management interface, you should do so now. When you install a custom server certificate, it is used for all Admin Nodes, and you can use it in all StorageGRID relying party trusts.
You can access an Admin Node's server certificate by logging in to the command shell of the node and going to the /var/local/mgmt-api directory. A custom server certificate is named custom-server.crt. The node's default server certificate is named server.crt.
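The following script is an added example, not NetApp code. It shows one way to confirm, from the Admin Node's command shell, which certificate file is in use and to print the details to compare with the signature certificate configured in the AD FS relying party trust. The function names are hypothetical, and the script assumes that openssl is available on the node and that custom-server.crt, when present, takes precedence over server.crt.

```shell
#!/bin/sh
# Added example (not NetApp code): find the management interface certificate
# an Admin Node uses and print what to compare against the AD FS trust.

CERT_DIR="${CERT_DIR:-/var/local/mgmt-api}"   # directory named on this page

# Print the path of the certificate in use. Assumption: custom-server.crt,
# when present and non-empty, takes precedence over the default server.crt.
active_mgmt_cert() {
    dir="${1:-$CERT_DIR}"
    if [ -s "$dir/custom-server.crt" ]; then
        printf '%s\n' "$dir/custom-server.crt"
    elif [ -s "$dir/server.crt" ]; then
        printf '%s\n' "$dir/server.crt"
    else
        return 1
    fi
}

# Print a PEM certificate's fingerprint as colon-separated hex.
# $2 is the digest: sha256 (default) or sha1. Windows certificate dialogs
# display a SHA-1 thumbprint, so both are useful when comparing.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint "-${2:-sha256}" | sed 's/^[^=]*=//'
}

# Succeed only if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null
}

# Summarize the active certificate; warn if it is close to expiry, since an
# expired signature certificate breaks signed requests to the IdP.
report_mgmt_cert() {
    cert=$(active_mgmt_cert "$1") || { echo "no certificate found" >&2; return 1; }
    echo "certificate: $cert"
    openssl x509 -in "$cert" -noout -subject -issuer -enddate
    echo "sha256: $(cert_fingerprint "$cert" sha256)"
    echo "sha1:   $(cert_fingerprint "$cert" sha1)"
    cert_valid_for_days "$cert" 30 || echo "WARNING: expires within 30 days"
}

# Print the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--report" ]; then report_mgmt_cert; fi
```

Run the script with --report on the Admin Node, or source it and call report_mgmt_cert; rerun it after installing a custom server certificate to confirm that the reported file and fingerprints changed.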