Map LDAP Groups With Proficy UAA

About this task

If you want LDAP users to use Proficy UAA, you must map the corresponding LDAP groups with the Proficy UAA group created during the Proficy product installation.

Procedure

  1. Double-click .
    Tip: By default, this icon appears on the desktop after you install Proficy UAA.
  2. Select the Identity Providers tab.
    The UAA/LDAP/SAML Connectivity Tool appears.
  3. Select the Map Existing LDAP Groups check box.
  4. In the UAA Connection section, provide values as specified in the following table.
    Important: The values that you provide in this step must match the values that you provided in the while installing your Proficy product. These values are required to connect to the Proficy UAA. Proficy UAA works only with a single instance of UAA, which is specified during Proficy UAA installation. After installation, you cannot change the instance of UAA that Proficy UAA will use.
    Box | Description
    URL | Enter the authorization server URL of the Proficy UAA server that you specified in the UAA Base URL box during installation (for example, https://localhost).
        | If referencing Historian 7.x UAA, use a URL of https://Historian7x:8443; if referencing Historian 8.x, use a URL of https://Historian8x (no port number). These are the default port numbers for Historian; if the ports were customized, use the selected port.
    Client ID | Enter the client ID of the Proficy UAA server that you specified in the Admin Client ID box during installation.
    Client Secret | Enter the client secret configured for the OAuth client that you specified in the Admin Client Secret box during installation.
  5. Select Test.
    If the connection to the UAA server is established, a confirmation message appears.
    Note: Currently, the Test button reports a successful connection for LDAP even when no security certificate is found or the certificate is invalid.
  6. In the LDAP Connection section, provide values as specified in the following table.
    Item | Description
    URL | Enter the base URL of the LDAP server (for example, https://localhost).
    Bind User DN | Enter the distinguished name of the bind user (for example, cn=admin,ou=Users,dc=test,dc=com).
    Password | Enter the password for the LDAP user ID that searches the LDAP tree for user information.
    Skip SSL Verification (UAA restart required) | Select this check box if you do not have the certificate to access the LDAP server. Messages are still encrypted, but the certificate is not verified for correctness. Do not select this option unless you are confident that you have a direct connection to the LDAP server; without certificate verification, traffic could be redirected outside your controlled network.
    User Search Filter | Enter the subdirectories to include in the search (for example, cn={0}).
    User Search Base | Enter the starting point for the LDAP user search in the directory tree (for example, dc=developers,dc=com).
    Group Search Base | Enter the starting point for the LDAP group search in the directory tree (for example, ou=scopes,dc=developers,dc=com).
    Max Group Search Depth | Enter a value that defines the maximum depth for searching LDAP groups. (A large value may impact performance on very large systems.) The default value is 10.
    Group Search Filter | Enter the subdirectories to include in the search (for example, member={0}).
  7. Select Test, and then select Submit.
    If the connection to the LDAP server is established, a confirmation message appears.
  8. Select Test again, and then select Continue.
    In the LDAP Mapping section, the drop-down list box contains a list of groups in Proficy UAA.
  9. In the drop-down list box, select the Proficy UAA group to which you want to map LDAP groups. You can also search for a group in the LDAP Groups Search Filter box; when searching, use standard LDAP query syntax.
    Note: If a group is already mapped to the Proficy UAA group that you selected, its check box is already selected.
  10. Select Map Groups.
    A message appears, confirming that the LDAP groups are mapped to the Proficy UAA group.
  11. Repeat steps 8 through 10 for all the Proficy UAA groups that you want to map.
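The LDAP Connection values from step 6 are worth reviewing before you select Submit. The following Python script is an added example and is not part of this documentation or of the Connectivity Tool: it checks that the Bind User DN and both search bases are well-formed distinguished names, that both search filters carry the {0} placeholder, escapes the value substituted for {0} according to RFC 4515, and flags the Skip SSL Verification setting. The settings dictionary, its key names and the sample values are constructed for the example.

```python
import re
# RFC 4515 escapes for a value substituted into the {0} placeholder of a search filter.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value: str) -> str:
    """Escape characters that would otherwise change the structure of the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def render_filter(template: str, value: str) -> str:
    """Substitute {0} as the User/Group Search Filter boxes do (for example cn={0})."""
    if "{0}" not in template:
        raise ValueError("search filter must contain the {0} placeholder")
    return template.replace("{0}", escape_filter_value(value))
# One attribute=value component per comma, e.g. cn=admin or dc=com (constructed check).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def is_valid_dn(dn: str) -> bool:
    """Accept cn=admin,ou=Users,dc=test,dc=com; reject empty or malformed components."""
    return bool(dn) and all(_RDN.match(part.strip()) for part in dn.split(","))

def review_ldap_settings(settings: dict) -> list:
    """Return findings for a proposed LDAP Connection configuration (keys are hypothetical)."""
    findings = []
    if settings.get("skip_ssl_verification"):
        findings.append("Skip SSL Verification is selected: the LDAP server certificate is not "
                        "checked, so traffic could be redirected outside the controlled network.")
    for key in ("bind_user_dn", "user_search_base", "group_search_base"):
        if not is_valid_dn(settings.get(key, "")):
            findings.append(f"{key} is not a well-formed distinguished name.")
    for key in ("user_search_filter", "group_search_filter"):
        if "{0}" not in settings.get(key, ""):
            findings.append(f"{key} lacks the {{0}} placeholder, so no value is substituted.")
    depth = settings.get("max_group_search_depth", 10)
    if depth > 10:
        findings.append(f"Max Group Search Depth is {depth} (default 10); deep searches "
                        "can be slow on very large directories.")
    return findings

if __name__ == "__main__":
    sample = {  # constructed values mirroring the examples given on this page
        "bind_user_dn": "cn=admin,ou=Users,dc=test,dc=com",
        "user_search_base": "dc=developers,dc=com",
        "group_search_base": "ou=scopes,dc=developers,dc=com",
        "user_search_filter": "cn={0}",
        "group_search_filter": "member={0}",
        "skip_ssl_verification": True,
    }
    for finding in review_ldap_settings(sample):
        print("-", finding)
    print(render_filter(sample["user_search_filter"], "j.doe (admin)"))
```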

Results

The LDAP groups are mapped to the Proficy UAA groups.
Warning: Any change to the configured LDAP details affects connectivity. Make sure you update the connectivity screens to reflect such changes.