/mcph) Per node agreements only. Repeat this process for each cluster node. Step 4 On the Expressway-C primary peer, complete the SAML SSO configuration: a) Go to Configuration > Unified Communications > Identity providers. b) Click Import new IdP from SAML. c) Use Import SAML file control to locate the IdP metadata file. d) Set the Digest to the required SHA hash algorithm. e) Click Upload. Note You can change the signing algorithm after you have imported the metadata, by going to Configuration > Unified Communications > Identity Providers (IdP) locating your IdP row then, in the Actions column, clicking Configure Digest). f) Verify that the IdP appears in the list of Identity Providers. g) Click Associate Domains in the IdP row. h) Check the domains that you want to assign to this Identity Provider. i) Click Save. Note If you are deploying Cisco Expressway with Active Directory Federation Services (ADFS) for SAML SSO, refer to Additional Expressway Configuration for ADFS, on page 30 for additional Expressway settings. SAML SSO Additional Tasks You can perform the following additional tasks to enable SAML SSO setup as per the requirement. Restart Cisco Tomcat Service Before and after enabling or disabling SAML Single Sign-On, restart the Cisco Tomcat service on all Unified CM and IM and Presence Service cluster nodes where Single Sign-On is running. Procedure Step 1 Log in to the Command Line Interface. Step 2 Run the utils service restart Cisco Tomcat CLI command. Step 3 Repeat this procedure on all cluster nodes where Single Sign-On is enabled. Additional Expressway Configuration for ADFS If you are deploying SAML SSO for Expressway with Active Directory Federation Services, complete these additional Expressway configurations: SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs 30 SAML SSO Configuration SAML SSO Additional Tasks