Authenticating users with Remedy Single Sign-On or IT Data Analytics

You can manage user authentication by using:

Remedy Single Sign-On
TrueSight IT Data Analytics

As a part of this process, you can manage users and user groups by using Remedy Single Sign-On or TrueSight IT Data Analytics. You can assign roles only via TrueSight IT Data Analytics.

Remedy Single Sign-On for TrueSight IT Data Analytics supports the following authentication types:

Local
SAML v2
LDAP/AD
Kerberos
Certificate-based

Role and user group association

Users in TrueSight IT Data Analytics are given access to the product features based on their roles. TrueSight IT Data Analytics provides three kinds of roles – Super Admin, App Admin, and Troubleshooter. Based on these roles, feature-level access is provided to users. For more information, see Roles and permissions

Roles can be associated with user groups only. If you want to assign a particular role to the user, you need to ensure that the user is part of the user group that in turn is associated with the desired role. Therefore, role and user group associations form the basis of governing user authentication in TrueSight IT Data Analytics. You can manage role and user group associations from the Administration > Roles page.

Managing users and user groups with Remedy Single Sign-On

When you configure TrueSight IT Data Analytics with TrueSight Presentation Server and Remedy Single Sign-On (either while installing or through the enablesso-CLI-command), default users and user groups for TrueSight IT Data Analytics are automatically migrated from TrueSight Presentation Server to Remedy Single Sign-On. Additionally, the default users groups are automatically assigned to the default roles in TrueSight IT Data Analytics.

You can also create your own custom users and assign them to user groups in Remedy Single Sign-On. Each time you create a custom user, you need to assign the users to user groups that are already mapped to roles in TrueSight IT Data Analytics. In case of custom user groups, you have to assign them the correct roles in TrueSight IT Data Analytics. On TrueSight IT Data Analytics, you can edit roles and assign user groups to them. For more information, see Managing-roles. The same applies if you create custom user groups in Remedy Single Sign-On.

The following table provides the default users (along with their default credentials), user groups, and roles created.

Additional information

If you use Remedy Single Sign-On as your user authentication mechanism, then the following scenarios apply:

Users and user groups can be managed only via Remedy Single Sign-On.
(In this scenario, the Users and User Groups tabs are not available under the Administration tab on TrueSight IT Data Analytics).
Roles can be managed via TrueSight IT Data Analytics.
(This applies irrespective of whether you use Remedy Single Sign-On or not).

For more information about assigning roles, see Managing-roles.

Managing users and user groups with TrueSight IT Data Analytics

If you do not configure Remedy Single Sign-On, default users and user groups are automatically created on TrueSight IT Data Analytics. Additionally, the default users groups are automatically assigned to the default roles. You can create custom users, but you need to make sure that you assign these users to the user groups available. If you create custom user groups, you need to make sure that these user groups are assigned to the correct roles. For more information, see Managing-roles.

The following table provides the default users (along with their default credentials), user groups, and roles created.

To configure local authentication for use with TrueSight IT Data Analytics

Add local authentication if your system includes integration with TrueSight IT Data Analytics.

In the left navigation pane of the Add Realm or Edit Realm page, click Authentication.
Click Enable Chaining Mode.
By the List of Authentications, click Add Authentication.
Select LOCAL from the Authentication Type list.
Click Save to save the authentication type, and Save to save the chain of authentication.

Additional details for SAMLv2 authentication

Note the following for TrueSight IT Data Analytics:

External configurations will not work in TrueSight IT Data Analytics integrated with SAMLv2.
CLI commands and API calls should use the default " * " tenant admin user for authentication. A user of SAML tenant will not be able to run CLI commands and API.

For more information about setting up SAMLv2 authentication in Remedy SSO, see Setting up SAMLv2 authentication in Remedy SSO.

Additional details for LDAP authentication.

You need to enable chaining and add local authentication for a tenant created for LDAP server. For more more information about setting up LDAP in Remedy SSO, see Setting up LDAP or Active Directory users in Remedy SSO.

Additional details for Kerberos authentication.

You must have created an equivalent local user(and its associated local usergroup) for every Kerberos user. You need to create an equivalent local user with the exact name as the Kerberos user and associate that local user with the desired local usergroup. Before configuring the Kerberos authentication, you must create a Service Account in Active Directory and Add an SPN mapping to authenticate the service. A given SPN can be registered on only one account. For more information, see Setting up Kerberos authentication in Remedy SSO.

Additional details for Certificate-based authentication

Certificate-based authentication uses the Digital Certificate to identify the users or system resources before granting access. Ensure that the following conditions are met before configuring the certificate-based authentication:

Client has a valid Public Key Certificate
SSL support is configured for the server
Client authentication is configured on the server

For more information, see Setting up Certificate-based authentication in Remedy SSO.