Single Sign-On - Call-Level Interface Version 2

Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems - 20.00
Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Call-Level Interface Version 2
Release Number
20.00
Published
January 2024
ft:locale
en-US
ft:lastEdition
2024-11-15
dita:mapPath
bmn1691484839905.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
fvz1470444150352
lifecycle
latest
Product Category
Teradata Tools and Utilities
Single Sign-On (SSO) is available only in the Windows environment. This feature has two modes of operations:
  • Direct sign-on
  • Third-party sign-on

Direct Sign-On

Direct sign-on permits a user to log on to the database without providing a user name and password; an account string may or may not be necessary. The Windows user identity must match the Teradata username and the username must have previously been granted the logon with null password privilege.

Third-Party Sign-On

Third-party sign-on is designed for use by application servers that log on to the database on behalf of a user through an API. Third-party sign-on requires that a user supply a username, password, and, possibly, a domain name to the application server. As with direct sign-on, the username must have previously been granted the logon with null password privilege.

A Logon parcel that does not contain a userid and a password will be interpreted as an SSO logon.

For direct sign-on SSO to work correctly, the GUILOGON environment variable must be set to NO. Otherwise, CLI displays the GUILOGON dialog box.

For more information, see “Creating A User for Single Sign-On” and “LOGON Statement” in Teradata Vantage™ - SQL Fundamentals, B035-1141 and “Single Sign-On” in Teradata Vantage™ - Database Utilities, B035-1102.

Encrypted Logon

If encryption support is switched on at the server (gateway), then CLI sends the logon string in encrypted form. The process of logon encryption is abstracted from and cannot be controlled by the applications.