Configuring WCC with SSO
search cancel

Configuring WCC with SSO

book

Article ID: 10180

calendar_today

Updated On:

Products

CA Workload Automation AE - Scheduler (AutoSys)

Issue/Introduction

Configuring SSO for WCC and EEM is simple.  However, our documents are not clear on what is required.  With this document, we outline the requirements and steps to accomplish this.



Environment

All Supported Releases of AutoSys WebUI/WCC

Resolution

To configure WCC with SSO

 

1. Ensure EEM is configured with the AD that has the domain users 

 

Configuring EEM with NTLM

Prerequisites for Configuring NTLM Authentication

Do the following before you configure NTLM authentication:

  • Verify that the CA EEM Server is installed on a Windows Server and is connected to an Active Directory.
  • Verify that the users launch the application from a Windows computer.
  • Verify that the CA EEM Server and the computer where the users are launching the application are part of the same network domain. If the computers are part of nested domains, ensure that the CA EEM Server and the computer where the application is launched belong to domains that have a trust relation established.
  • Verify that the domain users are added to the User Groups on the computer where the application is being launched.

 

2. Enable SSO (NTLM) from WCC Configuration tab

 

Configuration Preferences 

To enable SSO (NTLM) set Single Sign-On to NTLM with the Configuration Preferences under the Configuration tab and click on Save.

Configuration Preferences

The Single Sign-On category contains the following fields:

  • Single Sign-On

Indicates whether single sign-on using NTLM authentication protocol or integration with CA Siteminder is enabled. CA WCC uses NTLM protocol or CA Siteminder to authenticate your session when single sign-on is active. To disable single sign-on, select None. If you disable single sign-on, CA WCC requires you to authenticate your session by entering login credentials.

Default: Not selected

  • Force Kerberos Compatibility

Indicates whether to force NTLM authentication when the browser is Kerberos capable. When this check box is selected and single sign-on is active, CA WCC overrides Kerberos protocol and uses NTLM protocol to authenticate your session. If you disable this option, CA WCC requires you to authenticate sessions that you open on Kerberos compatible browsers by entering your login credentials.

Default: Selected

Now when you log out of WCC and go back to the Login Screen, the link option, “Log in automatically using Windows credentials” will be available.  WCC with SSO (NTLM) is now enabled.

 

 

 

Additional Information

Configuring WCC with NTLM / SSO 

Configure NTLM Single Sign-On 

You can use NTLM protocol to configure single sign-on capability. CA WCC does not support Kerberos authentication protocol but compatibility with Kerberos can be enabled by selecting the Force Kerberos compatibility checkbox. If you do not enable NTLM, CA WCC requires you to authenticate your session by entering login credentials. 

Notes: 

  • If you change your domain password while NTLM authentication is enabled, clear the browser cache. 
  • For more information about authentication protocol configuration settings, see the Configuration Help.