

Configure CA EEM to Permit Referenced Users to Log in with their Email Name

When you install CA Process Automation, you can configure Global Users/Global Groups in the EEM Server Configuration as Reference from an external directory. You can then select Multiple Active Directory Domains and specify the Microsoft Active Directories (ADs) in which potential CA Process Automation users are defined. During a CA Process Automation installation, you identify the default AD domain. Users belonging to the default AD domain can log in to CA Process Automation with their user name and password. Users belonging to other AD domains must enter their principal name and password at login. The standard form for a principal name is domain\username.

You can configure CA EEM to authenticate the Active Directory users with their email address, that is, username@domain. You configure CA EEM to search for the user using userPrincipalName.

Follow these steps:

  1. Log in to CA EEM as the CA EEM administrator and select the application name you set up during the CA Process Automation installation.
  2. Select the Configure tab.
  3. In the User Store palette, select LDAP Attribute Mapping.
  4. Create an attribute map from the existing attribute map by changing the user authentication filter. That is, change samaccountName to userPrincipalName.
    1. Select Microsoft Active Directory from the Mapping Name drop-down list.
    2. In the User Lookup panel, the User Search Filter is similar to the following example:
      (&(objectClass=user)(!(objectClass=computer)))
      
    3. Edit the User Authentication Filter field such that userPrincipalName replaces samaccountName. See the following example results:
      (&(ObjectClass=user)(!(objectClass=computer)(userPrincipalName= ...
      
    4. {UserName} is set as follows:
      ))
      
  5. Save the attribute map. For example, type the name madAuthMail in the Mapping Name field and then click Save.
  6. The User Attribute Mapping data resembles the following data:

    User Name: sAMAccountName

    First Name: givenName

    Last Name: sn

    Display Name: displayName

  7. In the General section of the LDAP Directory Configuration, type the attribute map name you created in Step 5. Verify that your entries resemble the following text:

    Name: domain

    Attribute Map: madAuthMail

    Domain: domain

    Selected Hostnames: hostname:389

    Protocol: LDAP

    Base DN: ou=mylocation,dc=mycompany,dc=com

    User DN: cn=userid,ou=Users,ou=mylocation,dc=mycompany,dc=com

    User Password: passwordForUserid
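The filter edited in Step 4 can be checked offline before it is saved. The following Python sketch is an added example, not CA code: it verifies that a filter template has balanced parentheses, no longer references sAMAccountName, and places {UserName} in a userPrincipalName assertion, then shows the filter that results for a given login. The complete template string, the function names, and the RFC 4515 escaping of the login value are assumptions made for the example; how CA EEM itself substitutes {UserName} is not described on this page.

```python
# Added example: offline sanity check for an LDAP filter template.
# All names here are hypothetical and are not part of CA EEM.

PLACEHOLDER = "{UserName}"

# Constructed sample template (assumption: the example in Step 4 is truncated).
UPN_FILTER = ("(&(objectClass=user)(!(objectClass=computer))"
              "(userPrincipalName={UserName}))")

# RFC 4515: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a login name so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return a list of problems; an empty list means the template looks sound."""
    problems = []
    depth = 0
    for pos, ch in enumerate(template):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("unmatched ')' at offset %d" % pos)
                depth = 0
    if depth:
        problems.append("%d unclosed '('" % depth)
    lowered = template.lower()  # LDAP attribute names are case-insensitive
    if "samaccountname" in lowered:
        problems.append("filter still references sAMAccountName")
    if ("userprincipalname=" + PLACEHOLDER.lower()) not in lowered:
        problems.append("{UserName} is not matched against userPrincipalName")
    return problems


def render(template, login):
    """Substitute an escaped login into a template that passed check_template."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(PLACEHOLDER, escape_value(login))


if __name__ == "__main__":
    print(render(UPN_FILTER, "jdoe@mycompany.com"))  # constructed sample login
```

The rendered filter can then be run with an LDAP search tool against the Base DN from Step 7 to confirm that it returns exactly one user.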