The company is evaluating this option, but not sure if it's feasable.
Any experience integrating Clarity On Demand with the company's Active Directory or other LDAP?
LDAP is not secure enough to be used across the internet with your On Demand System. SSO can be used instead. If you use a federated SSO such as OCTA or SiteMinder's Federation Manager, your users can still use their LDAP passwords even though LDAP is not directly interfacing with the On Demand System.
You can use ODUM (uploading flat files via a tool you install on your desk top) or a custom WSDL implementation to sync your users with the On Demand Portal. Your users will be automatically added to Clarity when they are added to one of your environments whether that is done when you first upload them or later on.
Test and Dev environments userbases are usually maintained when you refresh from your production system's database. However, users can be added at any time to those environments via the portal.
I hope this helps.
Let me know if you have further questions.
Please speak with your CA Account Executive before you go too far down this road.
At this time (I don't think there is any effort being made to change this), LDAP is only for On Premise installations. The jobs are not available OnDemand.
As a FYI, LDAP is not available for On Premise. SiteMinder or 3rd party 'SSO' tool required. We recently requested verification via CA Support for an On Premise client. They are still continuing to use SiteMinder following feedback from CA Support.
LDAP is ONLY available to On Premise customers. It is not secure enough for interactions across the internet. It is perfectly fine for usage on an intranet. Federated SSO provides enough security for interactions across the internet. So that is what is used by our On Demand systems.
Yes, it's possible via customization, not OOTB. We usually integrate it via delimited csv file using SaaS sFTP.
Does this custom solution sync passwords as well?
It does not, for that it's better to integrate SSO.
We sync users (creation, update, deactivation) and sometime even groups.
How do you exactly sync them?
I understand that if LDAP integration does not work, then the 2 Clarity Jobs related to LDAP (LDAP - Synchronize New and Changed Users, LDAP - Synchronize Obsolete Users) will not work either. Right?
These LDAP jobs do not exist in OnDemand environments.
You can get halfway using XOG, but that's a resource/group sync, not LDAP
Retrieving data ...