AutoSys Workload Automation

 View Only
  • 1.  Is it possible to link Active Directory groups with Autosys access profiles (CA EEM)?

    Posted Dec 16, 2016 02:47 AM

    Is it possible to link Active Directory groups with Autosys access profiles @CA EEM?

    For example

    AD group "AD ADMIN - SCHEDULER" -> Autosys CA EEM "ConsoleOperator"

    If so, could you please explain me how to do it? - I couldn't find any info in the manuals.

     

    Thank you.



  • 2.  Re: Is it possible to link Active Directory groups with Autosys access profiles (CA EEM)?
    Best Answer

    Posted Apr 18, 2017 01:42 PM

    Hi,

     

    Yes you can tie an LDAP group to an internal EEM group.  In your example you mention the ConsoleOperators group which is a Dynamic User Group.  In the EEM interface you can go to Manage Access Policies and click on Dynamic User Group Policies on the left hand side to get a listing of Dynamic User Groups.  Click on the ConsoleOperators one on the right hand side and it will open up for editing.  Under "Identities" change the type to Global Group and click the search identities link.  Put the LDAP group name in the Value box and click search and it should query LDAP and find the group.  Once a result is returned simply highlight it and click the arrow pointing to the right to add it to the selected identities box.  Then save your policy.  This assumes that you have already mapped your EEM user store to an LDAP.


    Documentation on tying to an LDAP can be found here: https://docops.ca.com/ca-wla-ae-wcc/11-4-2/en/securing/security-policy-customization/active-directory-authentication 

    Documentation on policy customization can be found here: https://docops.ca.com/ca-wla-ae-wcc/11-4-2/en/securing/security-policy-customization/customize-security-policy-and-setti… 

     

    Hope that helps.

    Jeffery Johnston

    CA Senior Support Engineer



  • 3.  Re: Is it possible to link Active Directory groups with Autosys access profiles (CA EEM)?

    Posted Apr 18, 2017 01:47 PM

    Setting up AD and eEM is absolutely documented and how to apply to policies etc.

    Perhaps have your workload AE engineer set it up for you .. and assist.,

     

    Good luck .

     

     

    Steve C.

     

     

    Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.

     

    Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.



  • 4.  Re: Is it possible to link Active Directory groups with Autosys access profiles (CA EEM)?

    Posted Apr 19, 2017 01:33 AM

    Thats all I wanted to know.

    Thank you for your support.



  • 5.  Re: Is it possible to link Active Directory groups with Autosys access profiles (CA EEM)?

    Posted Apr 20, 2017 09:09 AM

    there's also the string subtraction one can do on the AD group to do a one and done approach to your policies. 

    collaboration between eEM team and your's truly back in 11.3 days. 

    CA Workload Automation Dist) Global User Community Webcast October 2013 - YouTube