Configuring the eEM Domain

domains, eem, configuring eem domains

CA Embedded Entitlements Manager (eEM) is an entitlement management solution that runs as a server/service that AAI can integrate with to allow it to handle user authentication and object access. If your company uses eEM, any end-user who is defined in eEM to be able to access AAI can log in to AAI and will have privileges and access to areas of the user interface as defined in eEM. The integration between AAI and eEM allows you to use eEM provided role-based authentication and granular control of data access using specific roles and privileges. As an AAI administrator, you add the eEM domain to AAI and configure it as described below.

When eEM is integrated with AAI, there is no need to create users explicitly in AAI. The first time that an eEM user logs in to AAI, an AAI user is created for them automatically. The user authentication and access privileges are determined by the policies defined within the eEM server.

When you later add schedulers to AAI, you can choose whether to enable eEM for them or not. If you do so, the eEM access policies will be honored for the jobs in those schedulers.

Single Sign-On

If the eEM server contains external users defined in an LDAP domain, you can extend the definition of the eEM domain to define the backing Kerberos server that allows for single sign-on access.

Note:

When using Kerberos, only one eEM domain is allowed.

Securing communication with TLS

You can optionally prepare and configure eEM for secure encrypted communication to AAI. For information, see the related section in Role-Based Security with eEM.

To Add an eEM Domain to AAI

  1. Go to the Settings > User Management page. It opens to the Admin - Users list.

  2. Open the Domains tab and select Add Domain.

  3. On the Add Domain dialog, enter the following:

    Name:

    This is the domain name that the users will see in the login dialog when they log in to AAI. It must be unique for this AAI installation.

    Type:

    Select eEM as the domain type.

  4. In the eEM Server section enter the data that identifies the eEM server to which you want to connect with this domain.

    Host

    The hostname of the eEM server. To communicate with the eEM server, AAI must know the eEM location.

    User/Password

    The username and password of the eEM user to be used to establish the connection between AAI and eEM so that eEM can authenticate end-user logins and their access rights to eEM objects.

    Important!

    This user must be defined in eEM to have full access to the AAI application and its objects.

  5. In eEM Options section specify the following:

    Automation Analytics & Intelligence App Name

    Name of the AAI application that is defined in the eEM server.

    AutoSys App Name

    Name of the AutoSys application that is defined the eEM server.

  6. Click Save.

  7. Click the Test Configuration button at the top of the dialog. AAI tries to connect to eEM with the information that you have provided. If there is any configuration error, AAI indicates it.

    Use this feature whenever you make changes, since for security reasons subsequent login errors contain little or no information.

See also: