BEST PRACTICES: Assigning users to an application or managing them in the On Demand Portal

Document ID : KB000010927
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

BEST PRACTICES:

 

  1. Make sure all users who are active in Clarity are also active in the portal and assigned to the correct environment.
  2. Do all inactivation and activation of users through the portal. 
  3. When creating a new user in the portal, only activate them if you are going to assign them to one or more of your environments immediately.
  4. When assigning users to an organization, make sure only one user is showing in the search when you click the update assignments button.
Background:

We have had a number of customers stating that users are being inactivated unexpectedly by the ca_portal@dummy.com user.

We have found two criteria that make this happen.  Both must be present at the same time for this to occur.

1.  There are users that are active in the portal, active in Clarity, but not assigned to the correct environment.

2.  The tenant admin who is assigning the user(s) to an application does a partial search that pulls up multiple users including at least one user who is in the state mentioned in #1.  The user then checks the user they want to add to the application (production, test, or dev for example) and clicks the Update Assignments button.

NOTE:  Any user who is already assigned to the application will already have a check mark.  Any user who is not assigned to the application will not have a check mark.

When the user clicks the Update Assignments button any user who is unchecked will be inactivated under both Administration, Resources and User, Resources

Following the best practices mentioned in this KB will prevent these types of problems from occurring.

I have included instructions below on how to implement each best practice.

Environment:
On Demand Portal
Instructions:

BEST PRACTICE 1:

Make sure all users who are active in CA PPM are active in the portal.   Essentially you should make sure that the status of inactive or active matches between the portal and CA PPN.

The best way to check this is the following:

1.  Open a ticket with On Demand and ask them for separate lists for each of the following:

- Users who are active in the portal for your organization

- Users assigned to the prod environment

- Users assigned to any other environment (separate lists for each one)

2.  Compare your list of active users in CA PPM production environment to the list of Users assigned to production in the portal.  If a user is active in Clarity, active in the portal, but not assigned to the production environment in the portal, assign them to the production environment.

3.  Repeat step 2 for all other environments.

4.  Check the list of active users in the portal and make sure that all active users are active in at least one environment.  If they are not, determine which environment they should be assigned to and assign them to that environment or deactivate them if they are not assigned to any environment.  You can always activate them later if you decide to assign them to an environment at a future date.

BEST PRACTICE 2: 

Do all inactivation and activation of users through the portal. The portal was designed with the intention that customers will use the portal for all activation and deactivation of users.  This will help prevent problems with inactivating users unexpectedly.  It will also help ensure that the portal and Clarity remain in synch.

BEST PRACTICE 3: 

When creating a new user in the portal, only activate them if you are going to assign them to one or more of your environments immediately.  This allows users access to the portal.  If they log into the portal and know the url for one of your environments, they can get into that environment assuming they are active and have rights to the environment.  This is a security risk.

BEST PRACTICE 4: 

When assigning users to an organization, make sure only one user is showing in the search when you click the update assignments button.  If any other users are showing in the list and they are unchecked, they will be inactivated in Clarity which may mean that someone who used to be able to access Clarity can no longer access Clarity because they will be inactivated in Clarity when you hit the update assignments button.

If more than one user shows up in your list when attempting to assign a user to one of your environments, refine the search so that only the user you want shows in your list.  Then check the box to add him to the environment and click the Update Assignments button.