How to Configure Integrated Windows Authentication for CA SDM

As a system administrator, you can authenticate CA SDM users through an existing external authentication method. The following scenario describes configuring Integrated Windows Authentication (IWA) to authenticate CA SDM users through Microsoft Active Directory (AD). Configure CA SDM access types, such as administrators, to use IWA. The users of the selected access types are directly authenticated through Active Directory.
Follow these steps:
Verify the Prerequisites
Verify the following requirements before you configure the external authentication for CA SDM:
  • You have configured servers for CA SDM.
  • You have installed IIS 7.0 on the following server depending on your configuration:
    • Conventional configuration: primary server.
    • Advanced Availability: application server.
  • You have configured CA SDM to use IIS 7.0.
  • You have the list of access types for which the external authentication is required. For example, CMDB Administrator, Employee, and CMDB User.
Configure IIS for IWA
You configure the IIS server to enable IWA. The configuration changes the authentication mode of IIS from Anonymous to Windows Authentication. After the configuration, the server starts redirecting authentication requests to the external source.
Follow these steps:
  1. Log in as administrator to the following server depending on your configuration:
    • Conventional: Primary or secondary server.
    • Advanced Availability: Background server.
  2. Open the Administrative Tools, Internet Information Services Manager.
  3. Expand the Server Name node, where Server Name is the name of the CA SDM server.
  4. Expand Sites, Default Web Site, CAisd node.
    The CAisd Home page opens.
  5. Double-click the Authentication icon.
    The Authentication Settings page opens.
  6. Disable the Anonymous Authentication by clicking the existing Status value.
  7. Enable the Windows Authentication by clicking the existing Status value.
  8. Restart IIS to apply the changes.
You have configured IIS for IWA.
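The same change to the CAisd application can be applied and checked from PowerShell. This is an added example, not part of CA's documented procedure; it assumes an elevated session, the WebAdministration module, the Windows Authentication role service already installed, and the application path Default Web Site/CAisd from the steps above. The function names are hypothetical.

```powershell
# Added example: apply and verify steps 6-8 for the CAisd application.
# Assumptions: elevated session, WebAdministration module present,
# Windows Authentication role service installed, app path as in the steps above.
Import-Module WebAdministration

$Location = 'Default Web Site/CAisd'
$AuthRoot = 'system.webServer/security/authentication'

function Get-CaisdAuthState {
    # Returns the enabled flag for both authentication modes at $Location.
    $state = [ordered]@{}
    foreach ($mode in 'anonymousAuthentication', 'windowsAuthentication') {
        $state[$mode] = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
            -Filter "$AuthRoot/$mode" -Name enabled).Value
    }
    [pscustomobject]$state
}

function Set-CaisdAuthMode {
    param([string]$Mode, [bool]$Enabled)
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$AuthRoot/$Mode" -Name enabled -Value $Enabled
}

"Before:"; Get-CaisdAuthState | Format-List

Set-CaisdAuthMode -Mode anonymousAuthentication -Enabled $false   # step 6
Set-CaisdAuthMode -Mode windowsAuthentication   -Enabled $true    # step 7

$after = Get-CaisdAuthState
"After:"; $after | Format-List

# Fail loudly if anonymous access is still possible or IWA is not active.
if ($after.anonymousAuthentication -or -not $after.windowsAuthentication) {
    throw "CAisd authentication is not in the expected state; review $Location in IIS Manager."
}

iisreset /restart   # step 8
```

Running only `Get-CaisdAuthState` gives a read-only check that can be repeated after patches or IIS reconfiguration to confirm anonymous access has not been re-enabled.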
Configure CA SDM for IWA
You configure the IWA for each of the selected access types. After an access type is configured for the external authentication, CA SDM externally authenticates the contacts of that access type.
Follow these steps:
  1. Log in to CA SDM as a system administrator.
  2. Select the Administration tab, Security and Role Management, Access Types.
    The Access Type List page opens.
  3. Click the access type for which the external authentication is required.
    The Update Access Type form opens.
  4. Select the Web Authentication tab and select the Allow External Authentication check box.
  5. Select an appropriate value from the Validation Type drop-down list. The following values require description:
    • No Access
      Specifies that the selected access type is not allowed access.
    • Open
      Specifies that the access is open to all.
    • OS
      Specifies that the CA SDM server operating system credentials are required to access CA SDM. If you have configured EEM, the login request would be redirected to the EEM server.
    • PIN
      Specifies that the value of the selected CA SDM contact record field is required for the authentication. For example, if you select PIN as Validation Type and select Contact_Number from the PIN Field drop-down, the contact number of the user is required for authentication.
    The Validation Type is not used for the IWA validation, but it is used when the user logs in through the CA SDM login form. The CA SDM Login page appears only when the user clicks the Logout link or when the credentials do not match the IIS credentials.
  6. Click Save.
    To configure the external authentication for other access types, repeat steps 1 through 6.
Test IWA
Test IWA with a user ID that has a corresponding contact record in CA SDM. A successful login indicates that you have configured IWA successfully.
Follow these steps:
  1. Log in to the following server, depending on your configuration, with a user ID that has a corresponding contact record in CA SDM:
    • Conventional: Primary or secondary server.
    • Advanced Availability: Application server.
    If the LDAP options have been installed in the Options Manager, you can also create a new contact in CA SDM from any Active Directory contact.
  2. Launch the browser and enter the CA SDM URL.
    The Service Desk Home page opens.