Symantec Access Management

  • 1.  Giving access to groups in Admin UI

    Posted Nov 25, 2016 12:40 PM

    Hello,

     

    If we are protecting the Admin UI using SiteMinder and allowing access to users present in the user store instead of the policy store (legacy user), can we configure it in such a way that we can add user groups instead of adding individual users as Administrators?

     

    Regards,

    Aditi



  • 2.  Re: Giving access to groups in Admin UI

    Posted Nov 27, 2016 07:08 PM

    Hi Aditi,

    Protecting the WAMUI with SiteMinder is similar to what you configured to protect a normal application. You can specify the group under the user policy.

    For example, in my case, I provide access to the user group with ou=support.


    Regards,

    Kar Meng



  • 3.  Re: Giving access to groups in Admin UI

    Posted Nov 28, 2016 12:58 AM

    Hello Kar,

    Can we add groups in the Administrator list for AdminUI access (like Report extraction access to be given only to the L1 support group or so)?

    Or will the workaround be to add individual users as administrators and then give access to a group using a policy which will have those users as members?

     

    Regards,

    Aditi



  • 4.  Re: Giving access to groups in Admin UI

    Posted Nov 28, 2016 11:01 AM

    Your workaround is correct.  I suggest creating an idea on this community site so others can vote for the potential enhancement request.  



  • 5.  Re: Giving access to groups in Admin UI

    Posted Nov 28, 2016 10:50 PM

    But this workaround is a tedious and repetitive activity: in case we need to give access to a group having 100-200 users, we need to manually add them as administrators. In this case, defining them as a group in the domain policy will not provide any help, as administrators by default have access to the Admin UI.

     

    Please suggest.



  • 6.  Re: Giving access to groups in Admin UI

    Posted Nov 30, 2016 05:50 PM

    Hi Aditi,

    Do you have a use case that can explain this better? This will help us better understand the requirement.

     

    Regards,

    Kar Meng



  • 7.  Re: Giving access to groups in Admin UI

    Posted Nov 30, 2016 11:07 PM

    Hello Kar,

     

    We have the below requirement from the client:

    Access to SiteMinder AdminUI is to be provided to a monitoring/helpdesk team so that they can extract audit and analysis reports for analyzing the number of users accessing a web application or the number of authorized and unauthorized accesses to a particular resource, etc.

    Other than this, there should be a group of SiteMinder administrators who have complete access to AdminUI.

    Now, adding such users separately in the administrator tab is a tedious job, as we have 10-15 members in the monitoring team as of now (which will increase with time). Thus, we want to add a particular group in the administrator tab which can be provided access to reports. Then this group can be managed at IM level to add various users in one go.

     

    Let me know if more information is required from my end.

     

    Thanks in advance!

     

    Regards,

    Aditi



  • 8.  Re: Giving access to groups in Admin UI
    Best Answer

    Posted Dec 01, 2016 12:51 AM

    Hi Aditi, 

     

    Please check whether this Idea, "Assign a Group as superuser in SM", matches your requirement.

     

    Regards,

    Leo Joseph.



  • 9.  Re: Giving access to groups in Admin UI

    Posted Dec 05, 2016 06:29 PM

    Hi Aditi,

     

    For WAMUI, there is no way to define an Administrator in "group" format. You need to configure each administrator individually, as the WAMUI has no option to select a group for the time being. The enhancement request pointed out by Leo is something that will help if it gets implemented in future.

     

     

     

    Protecting the WAMUI with SSO will not help in this case

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/start-the-administrative-ui-and-manage-objects/protect-the-administrative-ui-with-ca-single-sign-on

    as you still need to configure each user from the user store at WAMUI -> Administration -> Administrator.

     

    Bear with CA SSO till the enhancement request is implemented to make your life easier.

     

    Regards,

    Kar Meng



  • 10.  Re: Giving access to groups in Admin UI

    Posted Dec 06, 2016 12:38 AM

    Yeah Kar, already voted for the idea shared by Leo.

    Thanks a lot!

     

    Regards,

    Aditi