Active Directory Integration

Active Directory (AD) enables your security teams to authenticate and authorize Test Data Management user access and privileges from a central location.
Enable Active Directory Integration in Datamaker
In Datamaker, click Security, Users and Groups, and open the System Settings tab, to define the AD group.
Administrators can hide the CA TDM "Administrator" account when using Datamaker with AD or LDAP authentication. After an administrator enables Settings, Hide Admin Access on AD Login, AD users do not see an option to select an admin user when they log in.
Log on to Test Data Management using AD
To log in to the Test Data Management repository, you need a controlling Active Directory (AD) group name. This name must be specified in the Test Data Management security settings page as outlined above. AD Authentication consists of the following steps:
  1. At start-up, the client gets the name of the controlling AD group from the repository.
  2. The client checks with the AD controller that the AD group exists.
     If the specified AD group does not exist, the Test Data Management client denies access to the repository.
  3. After the specified AD group is verified, the client retrieves the list of AD groups to which the user is assigned.
     User membership in the specified AD group is verified.
The following diagram shows the Active Directory configuration:
Active Directory Configuration
Activate Active Directory Integration
To enable Active Directory authentication, activate AD integration.
Follow these steps:
  1. Find the full Active Directory (AD) domain name.
     Your AD administrator can provide the AD name, or you can run the command whoami /upn in a command line.
  2. Make sure that the Test Data Management users defined in the security screen match AD usernames. For example, if the AD username = [email protected] or int\ankur, the Test Data Management security screen username = Ankur.
  3. The Test Data Management administrator must provide ALL ADMIN privileges to the AD user in the Test Data Management security screen.
    • AD administrator must create a dedicated AD group, for example, GT_DM_ACCESS, and must add all Test Data Management users directly. You cannot use indirect membership through another AD group.
    • Individual Test Data Management users can use the  command to confirm membership in the required AD group.
  4. Start Datamaker. Because your username is populated in Datamaker, you enter only your AD password.
  5. If you are using TDoD (Test Data on Demand), open the TDoD configuration editor. Set authentication type = AD and domain = domain from step 1. Save and restart TDoD.
  6. If you are using the Remote Engine, open the Remote Engine configuration engine. Set AD domain = domain from Step 1. Now save and restart the Remote Engine service.
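A pre-flight check an AD administrator can run before enabling the integration, given here as an added example that is not CA code: it confirms that the controlling group exists and reports each Test Data Management user as a direct member, an indirect-only member (which the steps above say is not accepted), or not a member. It assumes the RSAT ActiveDirectory module, the page's example group name GT_DM_ACCESS, the sample user Ankur, and that Test Data Management usernames are matched to sAMAccountName without regard to case.

```powershell
# Added example (not vendor code). Requires the RSAT ActiveDirectory module.
param(
    [string]   $GroupName = 'GT_DM_ACCESS',   # example group name used on this page
    [string[]] $TdmUsers  = @('Ankur')        # names from the TDM security screen (sample value)
)

Import-Module ActiveDirectory -ErrorAction Stop

# The client denies access when the controlling group does not exist, so check that first.
try {
    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop
} catch {
    Write-Error "AD group '$GroupName' not found: every AD login would be denied."
    exit 1
}

# Without -Recursive, Get-ADGroupMember returns direct members only.
$direct       = @(Get-ADGroupMember -Identity $group)
$directUsers  = @($direct | Where-Object { $_.objectClass -eq 'user' }  | ForEach-Object SamAccountName)
$nestedGroups = @($direct | Where-Object { $_.objectClass -eq 'group' } | ForEach-Object Name)

# With -Recursive, nested groups are expanded to their user members.
$allUsers = @(Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } | ForEach-Object SamAccountName)

# Assumption: TDM usernames are compared to sAMAccountName, ignoring case.
$report = foreach ($name in $TdmUsers) {
    $status = if ($directUsers -contains $name) {
        'Direct member: OK'
    } elseif ($allUsers -contains $name) {
        'Indirect only: add the user to the group directly'
    } else {
        'Not a member'
    }
    [pscustomobject]@{ TdmUser = $name; Status = $status }
}

if ($nestedGroups.Count -gt 0) {
    Write-Warning "Nested groups in '$GroupName' (membership through them is not accepted): $($nestedGroups -join ', ')"
}
$report | Format-Table -AutoSize

# A non-zero exit code lets a deployment script stop before AD login is enabled.
if ($report | Where-Object { $_.Status -ne 'Direct member: OK' }) { exit 2 }
```

Running it before step 4 avoids locking users out and having to revert the integration.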
If you cannot access Datamaker, you can revert the integration.
Follow these steps:
  1. In an SQL Window in another application, log in with the repository user name and password.
  2. Run the following commands:
    Delete from gtrep_clob where clob_id < 0;
    Commit;
  3. Restart Datamaker.
    You are prompted for a license key. 
  4. Reapply the original Test Data Management license without the AD group.
    You can use Administrator credentials and other Test Data Management credentials to log in.