Steps to configure the integration between Unified Self Service / EEM / Active Directory

Document ID : KB000010713
Last Modified Date : 20/04/2018
Show Technical Document Details
Introduction:

This steps will clarify how to configure the integration between Unified Self Service / Embedded Entitlements Manager / Active Directory

Background:

Customer uses Active Directory in Company authentication.

He needs to use the AD users to authenticate in Unified Self Service, and other products as well, such as: Service Desk. Service Catalog, and others.

He will also use EEM to manage the different applications separately

Environment:
Unified Self Service 14.1.x / 17 CA Service Desk Manager 14.1.x / 17 EEM 12.x Active Directoy (supported releases)
Instructions:

The steps to configure the integration are:

1. In Active Directory, create the 'OpenSpaceAdminGroup' and set some group members that will be Unified Self Service Administrators

USS-TEC-AD1.jpg

2. Check the AD user Account 'User logon name'  field. If you are working with multiple AD's and set the filed 'Mail domain' during the USS installation, you must adjust the correct domain

USS-TEC-AD3.jpg

3. Go to the Embedded Entitlements Manager UI, and set the User Store to 'Reference from an external LDAP Directory'

USS-TEC-EEM1.jpg

3. Example of configuration of 'Basic LDAP Directory' in EEM:. Note that this uses the default port 389:

USS-TEC-EEM3.jpg

4. Go to Unified Self Service Control Panel, to configure the Authentication type to EEM.

. Go to Portal Settings / Configuration> Authentication > EEM and set the fields properly.

Note that for Multiple AD's configuration, the EEM Application Administration Group must contain the domain which the group belongs to, before the group name:

USS-TEC-Portal1.jpg

At this point, the USS is ready to use EEM/AD Authentication

5. For Service Desk Authentication, install and set the Security Options Manager properly as the image below:

USS-TEC-SDM1.jpg

5. For Access Type with will use the EEM /AD authentication, the Web Authentication Tab / Validation Type must be set to

"CA EEM-Use CA Embedded Entitlements Manager"

Additional Information:

Other Links to help with this configuration:

https://support.ca.com/us/knowledge-base-articles.TEC1943949.html

https://communities.ca.com/thread/241726364

https://support.ca.com/us/knowledge-base-articles.TEC1984587.html