You can configure users who are a part of LDAP or Active Directory to be a part of BMC Atrium Single Sign-On so that they can log on to Operations Management.
Configuring LDAP or Active Directory users in BMC Atrium Single Sign-On
Perform the following steps on the computer on which BMC Atrium Single Sign-On is installed:
- Launch the
BMC Atrium SSO Admin Console
- Under Realms, select the appropriate tenant.
- In the Realm Editor screen, under Realm Authentication, select Add > LDAP / Active Directory.
- In the LDAP/Active Directory Editor dialog box, fill in the fields as explained at
Enable LDAP for user authentication
and click Save.
In the Realm Editor screen, under User Stores, select Add>LDAPv3 User Store.
When you update the credentials of your LDAP system, you must also update the Atrium Single Sign-On product with the same credentials.
- In the LDAPv3 (Active Directory) User Store Editor dialog box, fill in the fields for both the General and Search tabs as explained at
Using an external LDAP user store
, and select Save.
- To verify a successful integration, in the Realm Editor screen, go to the Users tab and view all the Active Directory users.
Configuring LDAP or Active Directory users in BMC TrueSight Operations Management
- Log on to the TrueSight console as a Super Admin.
- Navigate to Administration>Authorization Profiles.
- Create a new authorization profile or edit an existing authorization profile to associate the user groups from Active Directory.
See Managing authorization profiles for more information.
- Select the tenant that you configured in BMC Atrium Single Sign-On for Active Directory users and select Edit under User Groups.
- Select Add and select the Active Directory user group from the list of user groups.
- Select OK and then Save.
- Select Yes to confirm changes to the authorization profile.
- Log out of the TrueSight console.
- Log back on to the TrueSight console as an Active Directory user.
- Log on to the Infrastructure Management server as an Administrator and perform the following steps:
- Edit the self_collector.mrl file located at /pw/server/etc/<cellname>/kb/collectors/ and add the groups to the permissions that are needed.
r - Read-only
w - Write
x - Execute
- Save the self_collector.mrl file.
- Recompile the cell using the commands
mccomp -n <cellname>
mcontrol -n <cell> restart
Managing users and access control
Managing users and user groups
Default users and user groups
Viewing user details
Editing and deleting authorization profiles