Clarity

  • Private Community

  • 1.  How to block login using portal for normal users in CA PPM

    Posted Dec 07, 2017 08:00 AM

    Hi Everyone,

     

    This question is aimed for those who uses CA PPM SaaS (aka On Demand)

     

    We had a issue with CA ondemand portal recently

     

    We wanted to block user login using portal as they should only be using Clarity only using SSO

     

    Now due to that CA made the existing one as SAML_Only and created a tenant admin group for admins like us

     

    The problem now we have is that we can't login anymore as users using portal to troubleshoot after this change

     

    As per CA team there is no alternate of this, and if they open it again users will be able to use reset password in ondemand and again can login using ondemand. 

     

    The problem is even though we being tenant admin we can reset the user password but of no use , as whenever we try to login using the portal password it says "your organization has restricted access over internet. Please contact your administrator"

     

    On the other hand CA can't give us any extra access other than tenant admin which would help us to login as users

     

    If I understand this correctly this issue could be their with your environments too

     

    How Are you handling such things ? Is there any solution to it ?



  • 2.  Re: How to block login using portal for normal users in CA PPM

    Posted Dec 07, 2017 02:34 PM

    I think there still is no solution, but there are work arounds.

    Those are different for different versions. See

    https://communities.ca.com/message/241942207-re-prevent-select-users-from-accessing-the-system?commentID=241942207#comme… 

    for discussion



  • 3.  Re: How to block login using portal for normal users in CA PPM

    Broadcom Employee
    Posted Dec 07, 2017 08:27 PM

    Hi,

     

    I think your environment is IDP Initiated SSO. It is default in CA PPM SaaS. 

    It has 2 access path as following.

     

    1.   IDP(ID Provider)  --> SP(Service provider: CA ondemand portal) --> PPM

    2.   SP(Service provider: CA ondemand portal) --> PPM 

     

    If SAML-Only is enabled for users, second path (2. SP-->PPM) will not be available anymore.

    Only first path (1. IDP--> SP -->PPM) is available, so users have to access PPM via IDP.

    Tenant admin is not configured as SAML-Only, so Tenant admin is allowed to access PPM by using above 2 paths.

     

    I don't know the details of your requirement and following my idea may not be fit your requirement.

    ------------------

    In SP Initiated SSO environment, users have to access SP first.

    SP will communicate with IDP for authentication.  It means that user always access PPM via CA ondemand portal.

     

    I think that IDP Initiated SSO is default in CA PPM SaaS, and SP Initiated SSO may have any limitation.

     

     

    Thank you.