User Management and Authentication

Out of the box, CA APM Command Center uses the users.xml file for authentication. Edit the file to add, delete, or modify users. For more advanced authentication, configure the user management connection for Command Center to share the users and user groups with CA Application Performance Management (APM). Configuring Command Center to share users enables you to assign user-specific permissions in Command Center. You cannot assign these permissions when using the users.xml file.
The user management roles do not provide complete permissions to any one role. Set up users only if you intend to have more than one user in Command Center. If you are the only user in your company in Command Center, do not set up User Management in Command Center.
A third option for authentication is using SAML to authenticate users with LDAP or CA Embedded Entitlements Manager (EEM) and implement single sign-on functionality. For more information about setting up Command Center, see Secure Command Center with SAML 2.0 and Securing Introscope Using SAML 2.0.
users.xml File
After installation, the easiest way to authenticate Command Center users is using the provided users.xml file. Edit the file to modify, add, or delete users.
Follow these steps:
  1. Open the APMCommandCenterServer/config/users.xml file.
  2. Add, delete, or modify users directly in the XML file.
    By default, a test user is defined:
    <apm-acc-users>
      <!-- Default user -->
      <user email="[email protected]" firstname="User" lastname="Demo" password="acc"/>
    </apm-acc-users>
    The user email address is used as a user name.
    The attribute values cannot be null.
  3. Save the file.
    The passwords are removed from the users.xml file after they have been encrypted in the database. The passwords are stored using a non-reversible algorithm and cannot be decoded.
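
A pre-deployment check for an edited users.xml, as an added Python example (not code from CA or from this page): it flags empty attributes, reuse of an email address, the default test password, and password attributes still present in the file. The function name, the sample addresses, the case-insensitive email comparison, and the reading of a leftover password attribute as "not yet processed" are assumptions.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "acc"  # password of the default test user shown in step 2
REQUIRED = ("email", "firstname", "lastname")

def audit_users_xml(xml_text):
    """Return a sorted list of (email, finding) tuples for a users.xml document."""
    root = ET.fromstring(xml_text)
    if root.tag != "apm-acc-users":
        raise ValueError("unexpected root element: %s" % root.tag)
    findings, seen = set(), set()
    for user in root.iter("user"):
        email = (user.get("email") or "").strip()
        # The page states that attribute values cannot be null.
        for attr in REQUIRED:
            if not (user.get(attr) or "").strip():
                findings.add((email, "empty-" + attr))
        # The email address is the user name, so it should be unique.
        # Assumption: addresses are compared case-insensitively.
        key = email.lower()
        if key and key in seen:
            findings.add((email, "duplicate-email"))
        seen.add(key)
        password = user.get("password") or ""
        if password == DEFAULT_PASSWORD:
            findings.add((email, "default-password"))
        elif password:
            # Assumption: a password still in the file has not yet been
            # moved into the database by Command Center (see step 3).
            findings.add((email, "plaintext-password-present"))
    return sorted(findings)

# Constructed sample input; the addresses and names are placeholders.
SAMPLE = """<apm-acc-users>
  <!-- Default user -->
  <user email="demo@example.com" firstname="User" lastname="Demo" password="acc"/>
  <user email="ops@example.com" firstname="Ops" lastname="" password="S0me-long-passphrase"/>
  <user email="OPS@example.com" firstname="Ops" lastname="Two"/>
</apm-acc-users>"""

if __name__ == "__main__":
    for email, finding in audit_users_xml(SAMPLE):
        print(f"{email or '<no email>'}: {finding}")
```
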
APM and Command Center Configuration for Users and User Groups
Configure Command Center to share the users and user groups with APM. Command Center shares the users with the Enterprise Manager instance that it connects with. Only a domain administrator in APM can configure this connection. After configuration, you can add other users that have permission to manage permissions. If you do not configure this connection, Command Center runs in legacy mode. In legacy mode, you do not have user permission control. 
Generate a Security System Token in Team Center
Connect the Enterprise Manager to Command Center. Generate a security token in Team Center. 
Follow these steps:
  1. Log in to the Team Center instance that you want to connect to Command Center.
  2. Click the Security icon.
  3. Click Generate New Token.
    The New API Security Token dialog opens:
    • Enter a label for the security token.
    • Select System for the token type.
    • Select Never Expires or set an expiration date for the token according to your internal security guidelines.
  4. Click Generate Token.
    A token is generated.
  5. Copy the token, and click Close.
Configure the apmccsrv.properties File
Use the system token to update the apmccsrv.properties file.
Follow these steps:
  1. Open the apmccsrv.properties file.
  2. Go to the Authentication Configuration section.
  3. For the authentication.aca.url= property, add the Team Center URL with the correct port.
    Use the webserver port that is configured in the introscopeenterprisemanager.properties file:
    introscope.enterprisemanager.webserver.port
    Default Port: 8081
  4. Enter the system token for the authentication.aca.systemToken= property.
  5. Save the property file.
  6. Restart Command Center.
    A restart of Command Center encrypts the system token permanently.
  7. Verify that you configured the connection correctly. Log in as a domain administrator to Command Center and verify that the User Management tab appears.
You configured Command Center to share authentication with Team Center.