AutoSys Workload Automation

Does WCC offer any SSO (Single Sign On) functionality?  If not currently, is this functionality on a future roadmap? 

NTLM and CA Siteminder integrations are available.

https://docops.ca.com/ca-wla-ae-wcc/11-4-2/en/installing/ca-wcc-implementation/customize-secure-access-to-ca-wcc#CustomizeSecureAccesstoCAWCC-ConfigureNTLMSingleSign-On

Thanks & Regards,

Chandru

CA Technologies

Hello,

Yes, Here is a Technical document to help you to configure WCC with SSO 

https://support.ca.com/us/knowledge-base-articles.TEC1694822.html

. Ensure EEM is configured with the AD that has the domain users 

Configuring EEM with NTLM

Prerequisites for Configuring NTLM Authentication

Do the following before you configure NTLM authentication:

• Verify that the CA EEM Server is installed on a Windows Server and is connected to an Active Directory.
• Verify that the users launch the application from a Windows computer.
• Verify that the CA EEM Server and the computer where the users are launching the application are part of the same network domain. If the computers are part of nested domains, ensure that the CA EEM Server and the computer where the application is launched belong to domains that have a trust relation established.
• Verify that the domain users are added to the User Groups on the computer where the application is being launched.

2. Enable SSO (NTLM) from WCC Configuration tab

Configuration Preferences 

To enable SSO (NTLM) set Single Sign-On to NTLM with the Configuration Preferences under the Configuration tab and click on Save.

Configuration Preferences

The Single Sign-On category contains the following fields:

• Single Sign-On

Indicates whether single sign-on using NTLM authentication protocol or integration with CA Siteminder is enabled. CA WCC uses NTLM protocol or CA Siteminder to authenticate your session when single sign-on is active. To disable single sign-on, select None. If you disable single sign-on, CA WCC requires you to authenticate your session by entering login credentials.

Default: Not selected

• Force Kerberos Compatibility

Indicates whether to force NTLM authentication when the browser is Kerberos capable. When this check box is selected and single sign-on is active, CA WCC overrides Kerberos protocol and uses NTLM protocol to authenticate your session. If you disable this option, CA WCC requires you to authenticate sessions that you open on Kerberos compatible browsers by entering your login credentials.

Default: Selected

Now when you log out of WCC and go back to the Login Screen, the link option, “Log in automatically using Windows credentials” will be available.  WCC with SSO (NTLM) is now enabled.

I hope this response suits your need

Thanks and regards,

Faouzia

Faouzia,

Any special ports are needed between EEM and AD?

Any planning to support EEM on Linux for SSO?

Thanks

Our company has been asking for a standards-based SAML 2.0 SSO flow for several years but unfortunately we have yet to see a solution that doesn't involved SiteMinder or wholesale switching from LDAP to AD for EEM binds and then using NTLM.