Creating Users

You create or import users differently depending on the type of authentication realm.

Internal Security / Internal Storage Type Users

For Internal Storage type authentication realms, such as the default Internal Security authentication realm, you create users using the Create New User button.

When adding a new user, the user name and password is what the individual will use when logging into Deployment Automation. The user name will also be displayed when setting up additional security.

Once the new user has been successfully added to a group, you might need to configure additional permissions. This can happen when the new user is mapped to a group that has limited permissions.

Include an email ID for the user if you want them to be eligible to receive email notifications. See Configuring Email Notifications.

LDAP Users

Once LDAP configuration is complete, when a new user logs on using their LDAP credentials, they will be listed on the Authentication Realms pane. You should not manage user passwords or remove users from the list. If an active user is removed from Deployment Automation, they will still be able to log in to the server as long as their LDAP credentials are valid.

Single Signon Users

SBM solutions, such as Release Control, can use Single Sign-On (SSO) to access Deployment Automation functionality. The users are created in SBM, and when Deployment Automation is accessed the first time from SBM, the corresponding user is automatically created in Deployment Automation.

PKI Certificate Users

Users authenticated through PKI Certificate authentication are automatically created with the first login using the associated CA certificate. Users authenticated with PKI Certificate are automatically added to an authentication realm of PKI Certificate type.

They are assigned to a group based on the Default security group set in the system settings; they are not assigned to a group if the default security group is not configured. See System Settings.

Administrators can also add users to the PKI Certificate authentication realm without providing users' client certificates. The administrator can assign the users to groups manually and otherwise configure their permissions on a user by user basis. When users log in with their certificates, they are identified by their login name and their data is updated from the properties provided in the certificate, such as user name and email ID.

Administrators map certificate properties to user properties during configuration of the PKI Certificate authentication realm. See Creating PKI Certificate Authentication Realms.