@SM AdminUI with External administration store only allows adding individual users as Admin, but not groups.
It will be nice to have such feature so as to assign a group as superuser in SM.
Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team is reviewing your enhancement suggestion. The Community will continue to be able to vote on this enhancement idea.
When can we expect this feature to be GA? could you please update us. In the field, We see the growing no of requests from customers.
I would expand on this and ask being allowed to enter any group as an administrator in SM and allow for any role (e.g. not just as a SuperUser but can also allow any group to have restricted access).
Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your enhancement suggestion and decided to maintain the idea for possible consideration in a future release. The Community will continue to be able to vote on this enhancement idea.
A similar idea was submitted, so referencing it, but votes should be collected on this idea.
Duplicate - A UI authenticate administrator based on LDAP or AD group
This is not only a wanted feature but is a requirement at my organization. So vote it up, we need to specify external RBAC control for SM Administrators instead of defining individuals and assigning them a role in SM itself.
Same here, would be great for my organization. We have an external (outside the SM team) Privileged Access security group who is taking over who can & can't access the WAM UI because they see it as a conflict that a SM admin can add anyone else in their group and give them permissions to do anything. But this new team does not want their own administrator account to login to the WAM UI themselves to add/remove administrators. They need to be able to add/remove users from LDAP group(s) and that will automatically give/remove WAM UI permissions for that person. And as CVX-Alan suggested above, not just for super-users, you should be able to select a group and then assign whatever permissions you want people in that group to have.
Yes, this is definitely an important must have feature. More and more organizations are moving towards externalization of privileged access management.
I would also suggest that a API be provided to do a reconciliation of administrator accounts. The API must be able to fetch all the administrator accounts and that would be used for auditing purposes.
Honestly, how is this something that isn't already native to the admin UI...especially given that we are talking about governing administrative access to single sign on product. At any rate, of course this request has my vote.
This being a important feature in terms of easy user provisioning as well. Adding individual users with set of privilege is quiet difficult at the moment having a wider team. At the same time, we cannot make each account as a super user as well.Hoping to see this considered to be taken further for implementation.
This would be very useful.
It's kind of ironic that an access control solution doesn't support group based access control on its administration GUI.
It will be really helpful feature having group assigned as administrator for easy management of admin/users who can access application.
Retrieving data ...