GroupWise 2014 R2 supports KeyShield’s single sign-on capabilities: users who have logged in once with KeyShield can access GroupWise without logging in again. This is enabled through the KeyShield client on a workstation. For more information on KeyShield, please visit their website.
The LDAP servers for GroupWise and KeyShield must be the same.
Your GroupWise Post Offices, KeyShield server, and workstations must be time synchronized.
You must be running KeyShield 6.0.2 or higher.
You must be running GroupWise 2014 R2 or higher.
(Conditional) If KeyShield is protected by APIKeys, create an API authorization for GroupWise in the KeyShield SSO console >> > .
On the> > page, if you want to use HTTPS, upload a PKCS#12 keystore file from the KeyShield server to generate a certificate.
On the> > page, generate a self-signed certificate.
(Optional) Modify theand parameters as needed.
Apply the certificate configuration so the certificate is generated. Return to thepage edit mode and click next to the keystore name field.
In the GroupWise Admin console, go to System > System Preferences and upload the certificate in thefield.
The certificate is replicated to all GroupWise POAs.
In the GroupWise Admin console, enableon the > page of the Domain, Post Office, or User where you are using KeyShield.
(Optional) To use KeyShield with Web Access, the KeyShield SSO Options must be enabled in the webacc.cfg file on the Web Access server.