Authenticating with Microsoft Active Directory users

Microsoft Active Directory can be used for managing user authentication and user data. Active Directory provides a Lightweight Directory Access Protocol (LDAP) service. Because WebSphere® Application Server supports LDAP, it also supports Microsoft Active Directory.

Before you begin

Ensure that you have performed the following task:

Configure Jazz for Service Management with Microsoft Active Directory

You can authenticate Telco Network Cloud Manager - Performance dashboards with users from an Active Directory database on a Lightweight Directory Access Protocol (LDAP) server. With this method, you use the standard user accounts that are registered with the LDAP server. The same user ID can be used to authenticate to the TNCP application and to the LDAP server. Follow these steps:
  1. Log in to the Dashboard Application Services Hub portal as the smadmin user.
  2. Expand Console Settings > WebSphere Administrative Console.
  3. Select Security > Global security.
  4. From the Available realm definitions list, select Federated repositories and click Configure.
  5. Click Manage repositories and select LDAP repository from the Add list.
  6. Provide the following details:

    Active Directory configuration

    • Specify a unique identifier for the repository.
    • Select Microsoft Windows Active Directory from the Directory type list.
    • Specify the primary hostname of the LDAP server and port number.
    • Specify the distinguished name and bind password for the application server, which is used to bind to the directory server.
  7. Click OK and then Save.
  8. Save the configuration and restart the Dashboard Application Services Hub portal by using the following command:
    $ /opt/IBM/JazzSM/profile/bin/stopServer.sh server1 -username smadmin -password Smadmin01
    Ensure that all the Java™ processes associated with Dashboard Application Services Hub are stopped, and then start the server by using the following command:
    $ /opt/IBM/JazzSM/profile/bin/startServer.sh server1

Create users and groups in Microsoft Active Directory

Create the users and groups in Active Directory and add the users to each of the groups. Follow these steps:

  1. Click Start.
  2. On the Active Directory domain controller, open Active Directory Users and Computers.
    For example, create the user john.doe to represent a domain user with a valid logon account.
    Note: If the users already exist, go to step 4 to create groups and add the users to the groups.
  3. Select Action > New > User and follow the prompts to create a new Active Directory user.
  4. Select Action > New > Group and follow the prompts to create a new Active Directory group.
    Create the following groups:
    • ConsoleAdmin
    • ConsoleUser
    • dashboarduser
    • manager-gui
    • manager-jmx
    • manager-script
    • manager-status
    • npiadministrator
    • npiuser
    • ReadAdmin
    • WriteAdmin
  5. Create the following custom groups:
    • ldap-user-group1
    • ldap-admin-group1
  6. Right-click the username and select Add to a group to add the new user to the new group.

    You might also want to add your own Windows account to the new group. Adding your own account to the Telco Network Cloud Manager - Performance groups makes it easy to demonstrate some features, such as assigning roles to group members.

Create users in Dashboard Designer

See User administration from Designer tool.

Update the Dashboard Service YAML file

  • Log in to your cloud platform web console.
  • Click Workloads > Stateful Sets > dashboard.
  • Add the parameters and their values to the dashboard Stateful Set YAML file.

  • From the dashboard service, click the Actions icon, and select Edit Stateful Set.
  • The Edit a resource page loads. Add the parameters and their values.

  • Click the Edit resource icon to add the parameters and their values.
  • Add the security.dash.group-mapping parameter in the args: section and specify a value.
    "security.dash.group-mapping": "ldap-user-group1->npiuser,dashboarduser,ConsoleUser|ldap-admin-group1->npiadministrator,dashboarduser,ConsoleAdmin"
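
The mapping value decides which Active Directory groups receive administrator rights, so it is worth checking before the Stateful Set is saved. The following is an added example, not part of the product or its documentation: it parses a mapping string, reports malformed entries and unknown target groups, and lists the AD groups that end up with a privileged target. The syntax rules, the function names and the PRIVILEGED set are assumptions inferred from the sample value on this page.

```python
# Added example: lint a security.dash.group-mapping value before it is deployed.
# Assumed syntax, inferred from the sample value on this page (not from a spec):
#   <AD group>-><target>,<target>|<AD group>-><target>,...

# Target groups from the "Create the following groups" list on this page.
KNOWN_TARGETS = {
    "ConsoleAdmin", "ConsoleUser", "dashboarduser", "manager-gui",
    "manager-jmx", "manager-script", "manager-status",
    "npiadministrator", "npiuser", "ReadAdmin", "WriteAdmin",
}
# Assumption: these two are treated as privileged because the page's sample
# grants them only to ldap-admin-group1.
PRIVILEGED = {"ConsoleAdmin", "npiadministrator"}


def parse_group_mapping(value):
    """Return ({ad_group: [targets]}, [problems]) for a mapping string."""
    mapping, problems = {}, []
    for entry in value.split("|"):
        source, arrow, targets = entry.strip().partition("->")
        source = source.strip()
        if not arrow or not source:
            problems.append(f"malformed entry, expected group->targets: {entry!r}")
            continue
        if source in mapping:
            problems.append(f"duplicate AD group: {source}")
        names = [t.strip() for t in targets.split(",")]
        for name in names:
            if name not in KNOWN_TARGETS:
                problems.append(f"{source}: unknown target group {name!r}")
        mapping[source] = names
    return mapping, problems


def privileged_sources(mapping):
    """AD groups whose members receive a privileged target group."""
    return sorted(g for g, t in mapping.items() if PRIVILEGED & set(t))


if __name__ == "__main__":
    # Constructed input: the second entry has "->" damaged to " >".
    sample = ("ldap-user-group1->npiuser,dashboarduser,ConsoleUser|"
              "ldap-admin-group1 >npiadministrator,dashboarduser,ConsoleAdmin")
    mapping, problems = parse_group_mapping(sample)
    for p in problems:
        print("PROBLEM:", p)
    print("privileged via:", privileged_sources(mapping))
```

With the constructed input, the damaged second entry is reported and no AD group is listed as privileged, which is the symptom an administrator would otherwise only notice after login.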

Access the Telco Network Cloud Manager - Performance Dashboards with the users from Microsoft Active Directory repository

Access the Telco Network Cloud Manager - Performance Dashboards by using the users that are created on Microsoft Active Directory. See Accessing Telco Network Cloud Manager - Performance dashboards.