Active Directory Integration
Active Directory (AD) enables your security teams to authenticate and authorize user access and privileges from a central location.
Active Directory (AD) enables your security teams to authenticate and authorize
Test Data Managementuser access and privileges from a central location.
Enable Active Directory Integration in Datamaker
In Datamaker, click
Security, Users and Groups, and open the
System Settingstab, to define the
Administrators can hide the CA TDM "Administrator" account when using Datamaker with AD or LDAP authentication. After an administrator enables
Settings, Hide Admin Access on AD Login, AD users do not see an option to select an admin user when they log in.
log on to"
Test Data Managementusing AD
To log in to the
Test Data Managementrepository, you need a controlling Active Directory (AD) group name. This name must be specified in the
Test Data Managementsecurity settings page as outlined above. AD Authentication consists of the following steps:
- At start-up, the client gets the name of the controlling AD group from the repository.
- The client checks that the AD group exists with the AD controller.Note: If the AD group specified does not exist, theTest Data Managementclient denies access to the repository.
- When the AD that is specified is verified, the client retrieves a list of AD groups to which the user is assigned.User membership in the specified AD group is verified.
The following diagram shows the Active Directory configuration:
Activate Active Directory Integration
To enable Active Directory authentication, activate AD integration.
Follow these steps:
- Find the full Active Directory (AD) domain name.Note:Your AD administrator can provide the AD name, or you can also run the command whoami/UPN in a command line.
- TheTest Data Managementadministrator must provide ALL ADMIN privileges to the AD user in theTest Data Managementsecurity screen.Notes:
- AD administrator must create a dedicated AD group, for example, GT_DM_ACCESS, and must add allTest Data Managementusers directly. You cannot use indirect membership through another AD group.
- IndividualTest Data Managementusers can use theusername/domaincommand to confirm membership in the required AD group.
- Start Datamaker. Because your username is populated in Datamaker, you enter only your AD password.
- If you are using TDoD (Test Data on Demand), open the TDoD configuration editor. Set authentication type = AD and domain = domain from step 1. Save and restart TDoD.
- If you are using the Remote Engine, open the Remote Engine configuration engine. Set AD domain = domain from Step 1. Now save and restart the Remote Engine service.
If you cannot access Datamaker, you can revert the integration.
Follow these steps:
- In an SQL Window in another application, log in with the repository user name and password.
- Run the following commands:Delete from gtrep_clob where clob_id < 0; Commit;
- Restart Datamaker.You are prompted for a license key.
- Reapply the originalTest Data Managementlicense without the AD group.You can use Administrator credentials and otherTest Data Managementcredentials to log in.