Clients and Users in Automic SaaS
Your Automic SaaS subscription includes a non-production and a production environment. By default, each environment has an administration Client (Client 0), a production Client (Client 100), and a default user.
Here you can find all the information relevant to the Users and administration and production Clients in your Automic SaaS environments.
Client 0 in Automic SaaS
Also referred to as the system Client, Client 0 is the administration Client used to manage internal objects and system-wide settings. System administrators use Client 0 to manage these settings, which affect all other Clients in the system. There can be only one Client 0 in an Automic SaaS environment.
As an Automic SaaS administrator, you begin implementing the authorization policy when you plan and create the Clients, which is where you allocate your Users, User Groups, objects, and so on. How you define your Client landscape depends on the structure of your company and how you decide to depict it. An environment has only one Client 0, which is already fully configured. You cannot change its configuration. If you need any change, you must place a Service Request through the Broadcom Support Portal.
The basic configuration of Client 0 in Automic SaaS is similar to the configuration in a non-SaaS Automic Automation environment. There are certain folder structures, objects, variables, and so on that are part of any Client 0 definition. For more information, see System Client 0 - Administration Client.
However, the Client 0 features and functions that are available to Automic Automation administrators do differ from those available to Automic SaaS administrators. Since many of the usual Client 0 activities are performed by the Automic SaaS provider, they are restricted for Automic SaaS administrators.
Here you have an overview of what you, the system administrator, are allowed and not allowed to do in Client 0 and your production Clients:
- You can add and authenticate Agents. For more information, see Installing and Configuring Agents for Container-Based Systems and Agent Authentication.
- You can use all object types, with the following restrictions:
  - Client and User objects.
    To add more business Clients to your environment, place a Service Request through the Support Portal. The same applies to the first User in Client 0. Once that first User is provided, you can use it to create more.
  - SQLI VARA objects, which cannot be used in any Client.
- You do not have access to the database and cannot use the Utilities. This is also the reason why you do not have access to SQLI VARA objects, since they retrieve values from the database through SQL statements.
- You cannot carry out system-related actions such as upgrading the system, stopping server processes, configuring telemetry, or enabling traces.
- You have access to all variables, except that you have only Read access to system VARAs (UC_SYSTEM_SETTINGS variable).
  Place a Service Request through the Support Portal if you need to adjust some of the parameters of the UC_SYSTEM_SETTINGS variable. For more information, see UC_SYSTEM_SETTINGS - Systemwide Settings.
Important! Make sure that the configuration of Client 0 in your non-production environment is identical to the Client 0 in the production environment. Otherwise, you cannot test your changes under production conditions and you risk corrupting your production Clients.
Production Clients in Automic SaaS
Client 100 is a default production Client included in Automic SaaS. You do not have to use it if you do not want to.
You can add more production Clients to your environment; to do so, place a Service Request through the Support Portal. You can also configure them to best fit your company's needs.
Production Clients are where users design automation and operators monitor processes. Developers and object designers create and configure objects in a production Client and can also monitor them to ensure that they behave as expected. Operators and managers also use production Clients, not only to understand the configuration and dependencies of the objects but also to monitor them daily, analyze tasks, and react if needed.
In production Clients, Automic SaaS Users can carry out the same actions as a User in a non-SaaS Automic Automation environment. The only exceptions are the following:
- Client and User objects.
  To add the first User in a Client, place a Service Request through the Support Portal. Once that first User is provided, you can use it to create more.
- SQLI VARA objects, which cannot be used in any Client.
UC_CLIENT_SETTINGS is a predefined Client variable (VARA) object that allows you to store settings specific to a Client, such as its behavior when started, access control, user passwords, logs, and so on. These settings are displayed in the respective Client object, where they can be edited. For more information, see UC_CLIENT_SETTINGS - Various Client Settings.
Users in Automic SaaS
The Users for Client 0 and Client 100 are created automatically and their login credentials are provided to the system administrator. System administrators assign Users to User Groups to define the authorizations and privileges that they have in the respective Clients.
You cannot create the first User in either Client 0 or any production Client. To add the first Users, you need to place a Service Request through the Support Portal. Once a first User is created, you can use that User to create more and assign them to the relevant User Group.
SAML and Automic SaaS
SAML is enabled for Automic SaaS systems. To use SAML in your Automic SaaS environments, you must do the following:
- When you place a Service Request to create a new User, provide Broadcom with the user name as defined in your SAML Identity Provider. For the Automic SaaS/SAML integration to work, the SAML user name and the Automic SaaS user name must be identical.
- Configure your Clients to link your Users to one or more SAML identity providers. You do this in the UC_SAML_SETTINGS Client variable available in your Client 0. For more information, see UC_SAML_SETTINGS - Single Sign-On.
The following topic explains how to configure the Automation Engine to set up SSO SAML: Setting up Single Sign-On - SAML. This topic is specific to on-premises environments. As an Automic SaaS customer, you only have to configure the UC_SAML_SETTINGS variable. However, this topic will help you understand how Automic SaaS handles SSO.
LDAP and Automic SaaS
Automic SaaS supports LDAPS, that is, LDAP over SSL. To use LDAPS in your Automic SaaS environments, you must do the following:
- When you place a Service Request to create a new User, provide Broadcom with the LDAPS certificate so that we can create the secret for you.
- Configure your Clients to connect to the LDAPS server. You do this in the UC_LDAP_EXAMPLE Client variable in your Client 0. For more information, see UC_LDAP_EXAMPLE - LDAP Connection Variable.
Note: When you start creating Users yourself, make sure that you activate the LDAP Connection option on the User definition.
Managing Password and Agent Login Externally
Automic SaaS supports CyberArk password vaults that retrieve passwords using a REST endpoint. To use CyberArk in your Automic SaaS environments, you must do the following:
- Send your certificate to Broadcom. This is necessary so that we can create your secrets.
- Configure your password vault. You do this in the UC_VAULT_CYBERARK variable in your Client 0. For more information, see UC_VAULT_CYBERARK - Password Vault Configuration.
Object Authorizations for Client 0 and Client x Objects
Authorizations can also be given at object level. Here also, Automic SaaS Users in Client 0 and production Clients have the same authorizations as non-SaaS Users. The only exception is that Automic SaaS Users only have Read access to the objects that are relevant for the system configuration.
Place a Service Request through the Support Portal if you need to adjust some of the parameters of the UC_SYSTEM_SETTINGS variable or any other objects that are relevant for the system configuration.
For more information about the System Settings, see UC_SYSTEM_SETTINGS - Systemwide Settings.
For more information about authorizations at object level, see Authorizations Page.