Example: Active Directory Integration

This article includes an example scenario that explains how a CA TDM Portal administrator (Joe) can integrate Microsoft Active Directory (AD) with the CA TDM Portal and achieve the following objectives:
  • Configure AD integration settings.
  • Set default AD groups.
  • Map AD groups to the CA TDM Portal user groups.
  • Add AD users to CA TDM Portal user groups.
The following topics provide the complete information:
Prerequisites
Review the following prerequisites:
  • Ensure that appropriate AD groups and AD users are already available on the AD server.
  • Ensure that appropriate AD users are already added to the relevant AD groups.
  • Ensure that you have already noted the required AD groups and users that you want to add to the CA TDM Portal.
The following example screen shot shows the AD users (Charlie Boyd and Michael Levi) present in the AD group GRP3_AD2:
AD_Users_in_AD_Group.png
Scenario
Joe is a CA TDM Portal administrator. Joe has been asked to allow AD users in his organization to access the CA TDM Portal. This access would enable AD users to log into the CA TDM Portal and perform relevant operations. The business requirement is as follows:
  • All users in the AD group GRP1_AD2 must get administrator access for any newly created project in the CA TDM Portal. 
    Lynn Parker and Marge Walton are members of this group.
  • All users in the AD group GRP2_AD2 must get tester access for any newly created project in the CA TDM Portal.
    Cathy Dimitri and Paul Martin are members of this group.
  • All users in the AD group GRP3_AD2 must get the same privileges that users of a specific CA TDM Portal user group are getting.
    Charlie Boyd and Michael Levi are members of this group.
  • AD user Sue Anderson must be explicitly added to the CA TDM Portal user group (Tester - Orders) so that she can get the same privileges.
The following diagram shows the mapping:
AD and Portal group mapping
Process
The following diagram shows the process steps:
Active Directory Integration Process Steps
Joe follows this process to meet the requirement:
  1. Configure the AD integration settings, which includes the following subtasks:
    1. Set the authentication mode to AD.
    2. Provide the AD integration parameter values.
    3. Test the connection.
    4. Configure the default AD groups for the administrator and tester access, which includes the following subtasks:
      1. Map the AD group GRP1_AD2 to the default CA TDM Portal user group ADMINISTRATOR. 
      2. Map the AD group GRP2_AD2 to the default CA TDM Portal user group TESTER.
  2. Map the AD group GRP3_AD2 to the CA TDM Portal user group Orders.
  3. Add the AD user Sue Anderson to the CA TDM Portal user group Tester - Orders.
    This mapping allows the AD user Sue to get the same privileges that other users of the user group are getting. Note that Sue is not part of the already mapped default AD group GRP2_AD2.
By following this process, Joe can provide appropriate access to all the AD users. This allows them to log into the Portal and perform their operations.
Configure the AD Integration Settings
Configure the AD integration settings to specify the authentication mode, provide values for the integration parameters, and specify default AD groups. 
Follow these steps:
  1. Access the CA TDM Portal by using your administrator credentials.
  2. Expand Configuration in the left pane and click Authentication.
    The Authentication page opens.
  3. Enter information in the following fields; example values are provided:
    • Source: AD/LDAP
    The following are the basic settings:
    • Host Name: talkad2
    • Port Number: 389
    • Base DN: DC=talkad2,DC=ca,DC=com
    • User DN: CN=administrator,CN=Users,DC=talkad2,DC=ca,DC=com
    The following are the additional settings:
    • Referral Strategy: Follow
    • Use SSL: No
    • User Class: person
    • User ID Attribute: cn
    • User Organization: cn=Users
    • Group Object Class: group
    • Group ID Attribute: cn
    • Group Organization: cn=Users
    • Group Member Attribute: member
  4. Click Test.
    The CA TDM Portal successfully establishes a connection with the AD server and verifies that AD users and AD groups (with users) are present in the specified configuration. The following screen shot shows some of the configured settings:
    AD_Configuration_New.png
  5. Click OK.
  6. Click Next to configure the default AD groups. In this example, GRP1_AD2 and GRP2_AD2 are identified as the default AD groups.
    Note: This setting is applicable only for those projects that you create after completing the configuration.
    • Enter GRP1_AD2 in the Select default AD group(s) for ADMIN access field to search for it. Select the group when it is displayed. This AD group gets the administrator access.
      This mapping makes GRP1_AD2 the default AD group with the administrator access for any new project that is created. All members of GRP1_AD2 get the administrator access for the created project. Therefore, Lynn Parker and Marge Walton become administrators for the newly created projects.
    • Enter GRP2_AD2 in the Select default AD group(s) for TESTER access field to search for it. Select the group when it is displayed. This AD group gets the tester access.
      This mapping makes GRP2_AD2 the default group with the tester access for any new project that is created. All members of GRP2_AD2 get the tester access for the created project. Therefore, Cathy Dimitri and Paul Martin become testers for the newly created projects.
    The following screen shot shows the selected default AD groups:
    Default_AD_Group.png
  7. Click Finish.
    A message appears stating that the authentication settings are configured successfully.
  8. Click OK.
Joe has successfully set the authentication mode as AD, provided the integration settings, and specified the default AD groups.
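How the step 3 fields conventionally combine into directory searches, together with the two bind settings a reviewer would look at first. This is an added example, not CA TDM Portal code: joining the organization values to the Base DN and the filter shapes are assumptions based on common LDAP client behaviour, and all function names are hypothetical.

```python
# Example values from step 3 of the procedure above.
SETTINGS = {
    "host": "talkad2", "port": 389, "use_ssl": False,
    "base_dn": "DC=talkad2,DC=ca,DC=com",
    "user_dn": "CN=administrator,CN=Users,DC=talkad2,DC=ca,DC=com",
    "user_class": "person", "user_id_attr": "cn", "user_org": "cn=Users",
    "group_class": "group", "group_org": "cn=Users",
    "group_member_attr": "member",
}

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape text (for example a name typed into a search box) for a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_search(s, name):
    """Base and filter locating one user entry (assumed composition)."""
    base = f"{s['user_org']},{s['base_dn']}"
    match = f"({s['user_id_attr']}={escape_filter_value(name)})"
    return base, f"(&(objectClass={s['user_class']}){match})"


def group_search(s, member_dn):
    """Base and filter listing the groups whose member attribute holds a DN."""
    base = f"{s['group_org']},{s['base_dn']}"
    match = f"({s['group_member_attr']}={escape_filter_value(member_dn)})"
    return base, f"(&(objectClass={s['group_class']}){match})"


def bind_findings(s):
    """Review points for the connection and the account used to bind."""
    findings = []
    if not s["use_ssl"]:
        # A simple bind on a connection without TLS carries the password in clear.
        findings.append(f"Use SSL is off for {s['host']}:{s['port']}")
    if s["user_dn"].lower().startswith("cn=administrator,"):
        # Directory lookups need read access only.
        findings.append("User DN is the administrator account")
    return findings
```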
Map the AD Group to the CA TDM Portal User Group
Joe also needs to map the AD group GRP3_AD2 to the CA TDM Portal user group (Orders) for the selected project. With this mapping, all users (Charlie Boyd and Michael Levi) in GRP3_AD2 get the same access as other users of the mapped Orders user group. This access is applicable only for the project associated with the Orders user group.
Joe can perform this mapping from two places in the CA TDM Portal: the project management page or the user management page. This procedure shows the steps for the project management page.
Follow these steps:
  1. Access the CA TDM Portal by using your administrator credentials.
  2. Click the Project Manager icon (gear icon) in the top-blue bar.
  3. Create the Orders project and click it.
    The Orders dialog opens.
  4. Expand the User Groups section.
    Three CA TDM Portal user groups are assigned to this project. Admin - Orders and Tester - Orders are the default CA TDM Portal user groups. Orders is the third group that is assigned to this project.
  5. Search for and enter GRP3_AD2 in the field next to Orders and select the AD group when it is displayed.
    The AD group GRP3_AD2 is added to the field and is mapped to the Orders CA TDM Portal user group.
  6. Close the dialog.
Joe has successfully mapped the required AD group to the CA TDM Portal user group. The AD users Charlie Boyd and Michael Levi get the same privileges that are available to other users of the Orders group for the Orders project.
The following screen shot shows GRP3_AD2 mapped to the Orders group. Also, note the presence of two default AD groups. These groups were automatically defined when the Orders project was created:
GRP3_AD2 Mapped to Orders.png
Add the AD User to the CA TDM Portal User Group
The final requirement that Joe has to complete is to add a specific AD user, Sue Anderson, to the Tester - Orders group, which is a default CA TDM Portal user group with tester access for the Orders project. After Sue is added to the Portal user group, she gets the same tester privileges that other users of this group have.
Follow these steps:
  1. Access the CA TDM Portal by using your administrator credentials.
  2. Click Configuration, Access Control, User Groups in the left pane.
    The User Groups page opens.
  3. Locate and click the Tester - Orders CA TDM Portal user group. This is the group to which you want to add the AD user.
    The Tester - Orders page opens.
  4. Click Users.
  5. Click Add User.
    The LDAP Users dialog opens.
  6. Enter Sue Anderson in the search field and select the name when it is displayed.
  7. Click Add.
    The AD user Sue Anderson is added to the list of users for the CA TDM Portal user group Tester - Orders.
The following screen shot shows that the AD user Sue Anderson is now present in the list of users added to the Portal group:
User_added_to_group.png
Verify the Added Users/Groups
After completing the user group mapping, all appropriate AD users must be able to log in to the CA TDM Portal. They should also get the same privileges that other Portal users have. This procedure verifies both.
GRP1_AD2 Mapping
Lynn Parker and Marge Walton are members of the AD group GRP1_AD2. This AD group is mapped to the default Portal user group ADMINISTRATOR. Therefore, Lynn Parker and Marge Walton must have the same privileges when they log in to the Portal. Also, they must have administrator access to all the projects that are created after completing the default AD group mapping.
The following example screen shot shows that Lynn Parker has successfully logged in to the Portal. She has also received the appropriate administrator privileges for the two projects—Orders and PO_Project. By default, when the two projects were created after completing the default AD group configuration, the default admin AD group was automatically created for the two projects. All these privileges are as expected:
Lynn Parker.png
GRP2_AD2 Mapping
Cathy Dimitri and Paul Martin are members of the AD group GRP2_AD2. This AD group is mapped to the default Portal user group TESTER. Therefore, Cathy Dimitri and Paul Martin must have the same tester privileges when they log in to the Portal. Also, they must have tester access to all the projects that are created after completing the default AD group mapping.
The following example screen shot shows that Cathy Dimitri has successfully logged in to the Portal. She has also received the required tester privileges for the two projects—Orders and PO_Project. All these privileges are as expected:
Cathy Dimitri.png
GRP3_AD2 Mapping
Charlie Boyd and Michael Levi are members of the GRP3_AD2 AD group. This AD group is mapped to the Portal user group Orders. Orders has tester privileges in the Portal. Therefore, both the AD users must get the same privileges that users of the Orders group get.
The following example screen shot shows that Charlie Boyd has successfully logged in to the Portal. He has received tester privileges only for the Orders project, not for PO_Project, which is correct:
Charlie Boyd.png
User Addition
The AD user Sue Anderson is added to the Portal user group Tester - Orders. She must get the privileges based on the Tester - Orders user group.
The following screen shot shows that she has successfully logged in to the Portal. She has tester privileges in the Portal and she can access only the Orders project. All these privileges are as expected:
Sue Anderson.png
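The mappings from this scenario as a small access model that reproduces the results verified above and can serve as a baseline for an access review. This is an added example, not the Portal's implementation: the class and function names are hypothetical, and Legacy_Project is a constructed project that predates the default AD group configuration, included to show the Note in step 6.

```python
from dataclasses import dataclass, field

# AD group membership as stated in the scenario.
AD_GROUPS = {
    "GRP1_AD2": {"Lynn Parker", "Marge Walton"},
    "GRP2_AD2": {"Cathy Dimitri", "Paul Martin"},
    "GRP3_AD2": {"Charlie Boyd", "Michael Levi"},
}

@dataclass
class PortalGroup:
    project: str
    role: str  # "admin" or "tester"
    ad_groups: set = field(default_factory=set)
    users: set = field(default_factory=set)

class Portal:
    def __init__(self):
        self.defaults = {}  # role -> default AD groups
        self.groups = {}    # Portal user group name -> PortalGroup

    def set_default_ad_groups(self, admin, tester):
        self.defaults = {"admin": set(admin), "tester": set(tester)}

    def create_project(self, name):
        # Defaults are copied when the project is created, so a project that
        # already exists when the defaults are set gets no AD groups.
        for role, label in (("admin", "Admin"), ("tester", "Tester")):
            self.groups[f"{label} - {name}"] = PortalGroup(
                name, role, set(self.defaults.get(role, ())))

    def effective_access(self, user):
        """Return {project: roles} from AD group mappings and direct adds."""
        ad = {g for g, members in AD_GROUPS.items() if user in members}
        access = {}
        for grp in self.groups.values():
            if user in grp.users or ad & grp.ad_groups:
                access.setdefault(grp.project, set()).add(grp.role)
        return access

def build_scenario():
    p = Portal()
    p.create_project("Legacy_Project")  # constructed; created before the defaults
    p.set_default_ad_groups(admin=["GRP1_AD2"], tester=["GRP2_AD2"])
    p.create_project("Orders")
    p.create_project("PO_Project")
    p.groups["Orders"] = PortalGroup("Orders", "tester", {"GRP3_AD2"})
    p.groups["Tester - Orders"].users.add("Sue Anderson")
    return p
```

Calling `build_scenario().effective_access(name)` for each person in the scenario gives the per-project roles to compare against what the Portal actually shows after login.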