Authenticating with an external LDAP directory service
You can configure SA to use an external LDAP directory service for user authentication. With external authentication, you do not have to maintain separate user names and passwords for SA. When users log in to the SA Client, they enter their LDAP user names and passwords.
The LDAP directory is read-only to SA. After LDAP users are imported, any changes to the user attributes in the directory will require you to reimport the users from the LDAP directory.
An SA Agent must be installed on all domain controllers in order for rosh/ttlg using Active Directory credentials to work.
Users imported into SA from an LDAP server
All SA user names must be unique, regardless of the authentication mechanism.
LDAP users must be successfully imported into SA before they can log on to SA.
Importing users from an LDAP directory must be done by the SA user administrator.
Imported users are managed in the same way as users created by the SA Client. For example, use the SA Client to assign imported users to user groups and delete imported users from SA.
If you delete an imported user with the SA Client, the user is not deleted from the external LDAP directory.
With the SA Client, search for users in the external LDAP directory, and then import selected users into SA. You can limit the search results by specifying a filter.
The LDAP import process fetches the following user attributes from the LDAP directory:
- firstName
- lastName
- fullName
- emailAddress
- phoneNumber
- street
- city
- state
- country
SA also fetches LDAP user distinguished names (DN) during the import. The user DN is mapped to the SA user name.
After the import process, you may edit the imported user information within the SA Client. However, you cannot change the user login name or password. Importing a user is a one-time, one-way process. Changes to the user attributes you make using the SA Client are not propagated back to the external LDAP directory server.
If you use external authentication, you can still create separate users with the SA Client. However, this practice is not recommended, because of the likelihood of inadvertently creating duplicate users in the LDAP directory and in the SA Client. If there are duplicate users, the user defined in the SA Client will be used, and the user in the LDAP directory will be ignored.
To see which users have been imported in the SA Client, select the Administration tab, then select Users under the Users and Groups view. Make sure the Credential Store column is displayed. Users with Directory Server in the Credential Store column have been imported from the LDAP server.
SSL and external authentication
Although SSL is not required for external authentication, it is strongly recommended. The certificate files needed for LDAP over SSL must be in Privacy Enhanced Mail (PEM) format. Depending on the LDAP server, you may need to convert the server's Certification Authority (CA) certificate to PEM format.
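The PEM conversion mentioned above, as an added example that is not part of the SA documentation or product: a Python standard-library sketch that accepts a CA certificate in binary DER or in PEM and returns normalised PEM text. The function names and the sample bytes are assumptions made for illustration, and the check covers DER framing only, not X.509 validity.

```python
import base64
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

# Constructed sample: valid DER framing (SEQUENCE, 300-byte body) around
# placeholder bytes. It is not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(i % 251 for i in range(300))


def der_framing_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose length field spans the whole buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        header, body = 2, der[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)


def to_pem(data: bytes) -> str:
    """Return the certificate(s) in data as PEM text; accepts PEM or binary DER."""
    blocks = PEM_RE.findall(data)
    # Already PEM (possibly a chain, possibly CRLF line endings): re-encode each
    # block so the output is normalised. Otherwise treat the input as raw DER.
    ders = [base64.b64decode(b) for b in blocks] if blocks else [data]
    for der in ders:
        if not der_framing_ok(der):
            raise ValueError("input is not a DER- or PEM-encoded certificate")
    return "".join(ssl.DER_cert_to_PEM_cert(der) for der in ders)


if __name__ == "__main__":
    print(to_pem(SAMPLE_DER))
```

The same conversion can be done with the OpenSSL command line, for example `openssl x509 -inform der -in ca.cer -out ca.pem`, where the file names are placeholders.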
Supported external LDAP directory servers
You can use the following directory server products with SA:
- Microsoft Active Directory (Windows Server 2000, 2003, 2008, or 2012)
- Novell eDirectory 8.7
- SunDS 5.2