Configuring the eEM Domain

eEM is an entitlement management solution that runs as a server/service. If your company uses eEM, any user who is defined in eEM to be able to access AAI can log in to AAI and will have privileges and access to areas of the user interface as defined in eEM. The integration between AAI and eEM allows you to provide granular role-based authentication and control data access using specific roles and privileges. As an AAI administrator, you add the eEM domain to AAI and configure it as described below.

When eEM is integrated with AAI, there is no need to create users explicitly in AAI. The first time that an eEM user logs in to AAI, an AAI user is created for them automatically. The user authentication and access privileges are determined by the policies defined within the eEM server.

When you later add schedulers to AAI, you can choose whether to enable eEM for them or not. If you do so, the eEM access policies will be honored for the jobs in those schedulers.

Single Sign-On

If the eEM server contains external users defined in an LDAP domain, you can extend the definition of the eEM domain to define the backing Kerberos server that allows for single sign-on access.

Note:

When using Kerberos, only one eEM domain is allowed.

AAI/eEM Integration

To use eEM's security model with AAI, you or the administrator in charge of the installation/integration must create an AAI application within the same eEM server that hosts the scheduler.

The AAI installation includes a JAWSCreate.xml file in [installation path]\scripts\eEM\ that you use in a script to add the AAI access policies to the eEM server. For more information, see Role-Based Security with eEM Access Policies.

Tip:

Our support team (https://support.broadcom.com/enterprise-software/product-catalog.html) is ready to help you, anytime and anywhere. The three core support centers are located in Europe, the United States, and Asia Pacific.

To Add an eEM Domain

  1. Go to the Admin - Users page.

  2. Open the Domains tab and select Add Domain.

  3. On the Add Domain dialog, enter the following:

    Name

    This is the name that the users will see in the login dialog when they log in to AAI. It must be unique.

    Type

    Type of domain, in this case eEM.

  4. In the eEM Server section enter the data that identify the eEM server to which you want to connect with this domain.

    Host

    To communicate with the eEM service, AAI must know the eEM location.

    User / Password

    AAI must be authorized (by a user and password) to run the necessary queries to ensure that the logged-on user has the requested access privileges. The user and password must have been created in eEM for the AAI application. They are used to log on to eEM and validate the end-user's access rights.

  5. In eEM Options specify the following:

    Automic Automation Intelligence App Name

    Name of the AAI application that is defined in the eEM server.

    AutoSys App Name

    Name of the AutoSys application that is defined in the eEM server.

  6. Save your configuration.

  7. Click the Test Configuration button at the top of the dialog. AAI tries to connect to eEM with the information that you have provided. If there is any configuration error, AAI indicates it.

    Use this feature whenever you make changes, since for security reasons subsequent login errors contain little or no information.
