Secure Configuration Management Using BizTalk SSO

In the BizTalk ecosystem, the Enterprise Single Sign-On (SSO) database can be used to securely store configuration data as name/value pairs. While this capability has long been available, the built-in mechanisms for inserting and managing these settings are limited and not user-friendly.

To address these shortcomings, a custom tool was developed to simplify the insertion, management, and maintenance of configuration values stored in the SSO database. This tool improves usability while continuing to leverage SSO's secure storage features for sensitive application settings.

SSO Application Configuration and Environment Management

The tool allows users to define and manage an SSO application by specifying the application name, description, authorized account groups with access permissions, and a collection of fields to be securely stored.

While the tool streamlines SSO management, it does not fully replace the native ssomanage command-line utility. To maintain compatibility and flexibility, the tool supports exporting new application configurations into an SSO-compatible format. These exported XML files can be modified per environment---for example, to update user accounts or permissions.

During installation, the tool can load a selected XML configuration file, enabling environment-specific setups. Separate XML configurations can be maintained for development, test, and production environments. When an application is no longer needed, particularly during development, it can be safely deleted using the tool.