You can configure users who are a part of LDAP or Active Directory to be a part of BMC Atrium Single Sign-On so that they can log on to Operations Management.
Configuring LDAP or Active Directory users in BMC Atrium Single Sign-On
Perform the following steps on the computer on which BMC Atrium Single Sign-On is installed:
- Launch the
BMC Atrium SSO Admin Console
.
- Under Realms, select the appropriate tenant.
- In the Realm Editor screen, under Realm Authentication, select Add > LDAP / Active Directory.
- In the LDAP/Active Directory Editor dialog box, fill in the fields as explained at
Enable LDAP for user authentication
and click Save.
In the Realm Editor screen, under User Stores, select Add>LDAPv3 User Store.
In the LDAPv3 (Active Directory) User Store Editor dialog box, fill in the fields for both the General and Search tabs as explained at
Using an external LDAP user store
, and select Save.
- To verify a successful integration, in the Realm Editor screen, go to the Users tab and view all the Active Directory users.
Configuring LDAP or Active Directory users in BMC TrueSight Operations Management
- Log on to the Operations Management console as a Super Admin.
- Navigate to Administration>Authorization Profiles.
- Create a new authorization profile or edit an existing authorization profile to associate the user groups from Active Directory.
See Managing authorization profiles for more information. - Select the tenant that you configured in BMC Atrium Single Sign-On for Active Directory users and select Edit under User Groups.
- Select Add and select the Active Directory user group from the list of user groups.
- Select OK and then Save.
- Select Yes to confirm changes to the authorization profile.
- Log out of the Operations Management console.
- Log back on to the Operations Management console as an Active Directory user.
- Log on to the Infrastructure Management server as an Administrator and perform the following steps:
- Edit the self_collector.mrl file located at /pw/server/etc/<cellname>/kb/collectors/ and add the groups to the permissions that are needed.
r - Read-only
w - Write
x - Execute
- Save the self_collector.mrl file.
- Recompile the cell using the commands
mccomp -n <cellname>
mcontrol -n <cell> restart
Managing users and access control
Managing users and user groups
Default users and user groups
Viewing user details
Editing and deleting authorization profiles