When a user who is not logged in attempts to access the Business Control Center, the user is redirected to the SSO login page, and is prompted to authenticate using Commerce SSO. If the authentication succeeds on the SSO server, the Content Administration server retrieves the corresponding user profile from the Internal Profile Repository and associates the current session with the profile. If authentication fails, the user is redirected back to the Commerce SSO Login page.

The /atg/dynamo/servlet/dafpipeline/AccessControlServlet and /atg/web/assetmanager/userprofiling/NonTransientAccessController components are reconfigured by the plug-in to delegate control of the Business Control Center login process to Commerce SSO. The NonTransientAccessController component is responsible for redirecting the user to the SSO server login URL, which it constructs by invoking methods on the /atg/userprofiling/commercesso/CommerceSSOTools component.