Hi all. I'm using Service Desk Manager (SDM), Service Catalog (SC) and Process Automation (PAM) in a Service Management implementation. SC and PAM are registered in CA EEM, I use pdm_ldap_import/sync for synchronizing AD users with SDM, and the three products are authenticating against Active Directory (AD).
However, for permission and assignment tasks, SDM takes its own groups but SC and PAM take groups from AD or EEM.
For maintenance purpose, I’d like to have a unique source of groups.
At this moment, I’m evaluation some options:
1) Using SDM groups:
SC and PAM should take groups from SDM. At this moment I think it is not possible since there is an idea: https://communities.ca.com/ideas/235719832
2) Using EEM groups:
I need a way of SDM seeing EEM groups. Is it possible?
3) Using AD groups:
I need to synchronizing AD groups with SDM in a similar way I use pdm_ldap_import/sync for users. I know I can make it with a PAM process or an external program of Java/.NET but it there a CA took for making it for us.
All idea is welcome.
Thanks in advance.
I agree that option 3 is your best choice.
About administering the group's I would:
1 ) create a SC Service where you can have options like create, inactivate, add/remove members, rename groups.
2) this Request should open a RFF (change order) with workflow tasks
3) these workflow tasks can:- do technical aprovals and/or other manual tasks- integrate with PAM to talk with AD - integrate back with SDM to update the groups.
I think PAM have AD operators but if necessary you can use powershell to deal with AD groups.
Hope this can help.PP
Thank you Paulo.
I'm also seeing option 3 is the best and perhaps the only choice.
As a comment, SC service and aprovals does not apply to us. The only pending for us is create a program with PAM/Java/.NET or PowerShell as you suggest to transfer AD groups and members to SDM.