×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC TrueSight Presentation Server 11.3 ... Administering Managing users and access control Managing users and user groups Configuring user authentication for the Presentation Server in Remedy SSO

Setting up LDAP or Active Directory users in Remedy SSO

You can configure the Remedy Single Sign-On server to authenticate TrueSight Presentation Server users through an LDAP server. 

The following topics help you to perform the LDAP/AD configuration tasks in Remedy SSO and create an authorization profile in the TrueSight console:

Related topics

Setting up the Remedy SSO server Open link

Configuring tenants in Remedy SSO

Managing authorization profiles

Role-based access Open link


Before you begin

  • You must have installed and configured the Remedy SSO to work with the Presentation Server and its component products. For details, see  Planning to deploy Remedy SSO Open link   and   Installing Remedy Single Sign-On. Open link
  • You must migrate the internal user data from Atrium SSO to Remedy SSO. For details, see  Migrating internal user data from Atrium SSO to Remedy SSO. Open link
  • You must have set the Remedy SSO general settings. For details, see  Set up the Remedy SSO server. Open link
  • You must have configured tenants to be used with the Presentation Server. For details, see Configuring tenants for the Presentation Server in Remedy SSO.

Configuring LDAP or Active Directory users in Remedy SSO

To configure local authentication for use with App Visibility Manager

Add local authentication if your system includes integration with App Visibility Manager, Synthetic Monitor, or both.

  1. Log in to the Remedy SSO console as an Admin user.
  2. Click the Realm tab.
  3. Select a tenant (realm) with LDAP authentication.

  4. In the left navigation pane of the Edit Realm page, click Authentication.

  5. Click Enable Chaining Mode.
  6. By the List of Authentications, click Add Authentication.
  7. From the Authentication Type list, select LOCAL.
  8. Click Save to save the authentication type, and click Save to save the chain of authentication.

To create or edit an authorization profile with LDAP users in the Presentation Server

  1. Log in to the TrueSight console as a Super Admin.
  2. Navigate to Administration>Authorization Profiles.
  3. Create a new authorization profile or edit an existing authorization profile to associate the user groups from Active Directory.
  4. Select the tenant that you configured in Remedy Single Sign-On for Active Directory users and select Edit under User Groups.
  5. Click Add and select the Active Directory user group from the list of user groups.
  6. Select the required roles from the list roles.
  7. (Optional) Select the required objects from the list of object.
  8. Select OK and then Save.
  9. Select Yes to confirm changes to the authorization profile.
  10. Log out of the TrueSight console.
  11. Log in to the TrueSight console as an Active Directory user.
  12. Log in to the Infrastructure Management server as an Administrator and perform the following steps:
    1. Edit the self_collector.mrl file located at /pw/server/etc/<cellname>/kb/collectors/ and add the groups to the permissions that are needed.

      r - Read-only

      w - Write

      x - Execute

    2. Save the self_collector.mrl file.
    3. Recompile the cell using the commands
      mccomp -n <cellname>
      mcontrol -n <cell> restart

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sanjay Prahlad on Nov 29, 2019
administration access_control task security authentication remedy_sso ldap active_directory app_visibility_manager

Comments

  1. Ali Khoshkar

    Is there a more refined way to do step 12...? Kind of strange that all the other changes are done in the console but I have to modify a config file manually on the server for this one step. Not everyone has access to the server - a little bit restricting.

    Edit the self_collector.mrl file located at /pw/server/etc/<cellname>/kb/collectors/ and add the groups to the permissions that are needed.

    r - Read-only

    w - Write

    x - Execute

    Save the self_collector.mrl file.

    Recompile the cell using the commands

    mccomp -n <cellname>

    mcontrol -n <cell> restart


    May 13, 2019 03:29
    1. Harihara Subramanian

      Hi Ali Khoshkar,

      Editing an MRL file is supposed to be restricted and therefore, only an Admin user can do that task.

      Some use cases might fail if that step is not performed.

      Jul 18, 2019 05:09

Log in or register to comment.

Setting up Local User Management authentication in Remedy SSO
Setting up SAMLv2 authentication in Remedy SSO
© Copyright 2014 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.