Procedure

Step 1  In the address bar of your web browser, enter the following URL: https://<Unified CM-server-name>, where <Unified CM-server-name> is the hostname or IP address of the server.
Step 2  Click Recovery URL to bypass Single Sign-On (SSO).
Step 3  Enter the credentials of an application user with an administrator role and click Login.
Step 4  From Cisco Unified CM Administration, choose System > SAML Single Sign-On.
Step 5  Click Export All Metadata to download the server metadata for upload into your Identity Provider.
Step 6  Click Update IdP Metadata File to import the IdP Metadata trust file.
Step 7  Click Browse to select the IdP Metadata trust file and click Import IdP Metadata to import the file to collaboration servers. Click Next.
Step 8  Select an LDAP-synchronized user who has Standard CCM Super User permissions to verify whether the metadata file is configured appropriately and click Run Test.
Step 9  Click Finish to enable the SAML SSO setup on all the servers in the cluster.

When the applications are updated, there will be a short delay. The "Cisco SSOSP Tomcat" and "Cisco UDS Tomcat" services restart on all nodes in the cluster if the SSO mode is 'cluster-wide'.

SAML SSO Deployment Interactions and Restrictions

Feature: Tomcat Certificate Regeneration
Interaction: If you regenerate the Tomcat Certificates, generate a new metadata file on the Service Provider and upload that metadata file to the IdP.

Feature: Metadata Regeneration
Interaction: The metadata file regenerates if you perform one of the following:
• Change Self-Signed Certificates to Tomcat Certificates and vice versa.
• Regenerate Tomcat Certificates to ITL Recovery Certificates.
Cisco Unified Communications Manager downloads the regenerated metadata file and uploads it to the IdP.

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs, SAML SSO Configuration
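A check for the Tomcat certificate interaction above, as an added example that is not Cisco's code: it compares the certificates in a fresh metadata export with those in the copy held at the IdP and lists the entities whose metadata needs to be uploaded again. It assumes the export is standard SAML 2.0 metadata carrying the certificate in ds:X509Certificate; the hostnames and certificate bytes are constructed samples.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def cert_fingerprints(metadata_xml):
    """Map each entityID to the SHA-256 fingerprints of its embedded certificates."""
    # ElementTree is fine for files you exported yourself; use a hardened
    # parser (e.g. defusedxml) for metadata from an untrusted source.
    root = ET.fromstring(metadata_xml)
    result = {}
    # iter() also matches the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        prints = set()
        for cert in entity.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
        result[entity.get("entityID")] = prints
    return result

def stale_entities(sp_export_xml, idp_copy_xml):
    """Entity IDs whose certificates in the fresh export differ from the IdP's copy."""
    current = cert_fingerprints(sp_export_xml)
    loaded = cert_fingerprints(idp_copy_xml)
    return sorted(e for e, fps in current.items() if loaded.get(e) != fps)

def _entity(entity_id, cert_bytes):
    # Constructed sample: cert_bytes stands in for a DER-encoded certificate.
    b64 = base64.b64encode(cert_bytes).decode()
    return (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="{entity_id}">'
            f'<md:SPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            f'</md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>')

def _wrap(*entities):
    return f'<md:EntitiesDescriptor xmlns:md="{MD}">' + "".join(entities) + "</md:EntitiesDescriptor>"

# Constructed inputs: the publisher's certificate was regenerated, the subscriber's was not.
IDP_COPY = _wrap(_entity("cucm-pub.example.com", b"old-cert"),
                 _entity("cucm-sub.example.com", b"sub-cert"))
SP_EXPORT = _wrap(_entity("cucm-pub.example.com", b"regenerated-cert"),
                  _entity("cucm-sub.example.com", b"sub-cert"))

if __name__ == "__main__":
    for eid in stale_entities(SP_EXPORT, IDP_COPY):
        print("IdP holds outdated metadata for", eid)
```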