Use UFT Mobile with LDAP
If your organization uses LDAP, you can integrate UFT Mobile with your LDAP server. Users can then access UFT Mobile with their LDAP credentials, without the need for the administrator to first add them to the list of authorized users.
In the UFT Mobile Lab console, in Administration, select the SETTINGS tab and in the left panel, click LDAP Integration. Enable LDAP mode, and add at least one LDAP server configuration. For details, see settings.
Only authorized users, who are included in the LDAP directory and in the UFT Mobile list of users, can work with UFT Mobile. Users can be added to the list of users and assigned to workspaces in the following ways:
The first time that an LDAP user logs in to UFT Mobile, they are added to the list of users.
If a workspace has a server/group assignment, users included in the server/groups are automatically assigned to the workspace whenever they log in. For details on server/group assignment, see Assign LDAP server or groups to workspaces.
When the Assign users to default workspace setting is enabled in Administration Settings, a user will be assigned to the Default workspace:
|Import||Use the import users file option, in the User Management script. The script assigns user roles and can also be used to assign users to workspaces.|
Provided that no server or group has been assigned to the workspace, add an LDAP user (using the LDAP username) in the USERS section and assign them access to the required workspaces. You can also assign an existing user to a workspace, by selecting the user from the full list of users under Lab Management.
For details on server/group assignment, see Assign LDAP server or groups to workspaces.
Perform a sync to add the relevant users to the list of users. Then, provided that no server or group has been assigned to a workspace, you can manually assign users to a workspace. For details on server/group assignment, see Assign LDAP server or groups to workspaces.
To perform a sync:
Note: Adding up to 5000 LDAP users is supported.
When users are added by first logging in or via synchronization, they receive a User role. After the initial login, an administrator can change the role to Shared space Admin or Workspace admin.
Instead of having to manage permissions for each user separately, the administrator can grant an entire LDAP group access to relevant devices and applications in the organization. If you have enabled LDAP mode, you can assign an LDAP server or groups to specific workspaces. For example, you can configure UFT Mobile to allow all users from the QA Europe LDAP group to use the QA Europe workspace.
Note: Server/group assignment is not supported when shared spaces are enabled.
To assign LDAP groups to workspaces, either the User Group membership attribute, or the Group membership attribute must be specified in the LDAP server configuration in the administration settings. For details, see Administration Settings.
To assign a server or group to a workspace:
- In Administration, click the MANAGEMENT tab.
- Select Lab Management in the left panel, and click the ALL USERS tab. Alternatively, to assign an LDAP server or groups to a specific workspace, select the workspace in the left panel, and then click the USERS tab.
- In the LDAP GROUPS & SERVERS section, click + to assign an LDAP server or groups to workspaces:
- Provide a display name so that you can identify the group or server assignment. For example, QA Europe.
- Select the LDAP server to be assigned.
- Provide the LDAP Group DN (optional). For multiple groups, use a semi-colon to separate the entries. If left empty, all users included in the server will be able to access the workspace.
- Select the workspace/s to which to assign the server or groups.
Tip: If there is a group hierarchy in the LDAP server, you can assign the parent group. All nested sub-groups will be included.
Users will automatically be added to the table in the USERS section after first login. The workspaces to which they are assigned are synched with each login, and displayed in the USERS section. For details, see Add and assign users. If there are server or group assignments, users cannot be manually assigned or unassigned to workspaces.
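To review which workspaces a user would receive before saving an assignment, the rules above (an empty Group DN grants the whole server, a parent group includes its nested sub-groups, multiple DNs are separated by semicolons) can be modelled in a few lines. This is an added example, not UFT Mobile code; the server names, DNs, the `PARENT_OF` nesting map and all function names are hypothetical, and the DN comparison is simplified.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    display_name: str
    server: str
    group_dns: str      # raw "LDAP Group DN" field: ';'-separated, may be empty
    workspaces: tuple

def norm(dn):
    # Simplified comparison key (assumption): ignore case and spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def with_parents(groups, parent_of):
    # The user's direct groups plus every group they are nested in (cycle-safe).
    seen, stack = set(), [norm(g) for g in groups]
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.add(g)
            stack.extend(parent_of.get(g, ()))
    return seen

def effective_workspaces(server, groups, assignments, parent_of):
    """Return {workspace: reason} for one user under the modelled rules."""
    member_of, granted = with_parents(groups, parent_of), {}
    for a in assignments:
        if a.server != server:
            continue
        wanted = {norm(g) for g in a.group_dns.split(";") if g.strip()}
        if not wanted:
            reason = "whole server (empty Group DN)"
        elif wanted & member_of:
            reason = "group " + min(wanted & member_of)
        else:
            continue
        for ws in a.workspaces:
            granted.setdefault(ws, f"{a.display_name}: {reason}")
    return granted

# Constructed sample data: server names, DNs and workspaces are illustrative.
QA_EU = "CN=QA Europe,OU=Groups,DC=example,DC=com"
QA_BERLIN = "CN=QA Berlin,OU=Groups,DC=example,DC=com"
PARENT_OF = {norm(QA_BERLIN): [norm(QA_EU)]}    # QA Berlin is nested in QA Europe
ASSIGNMENTS = [
    Assignment("QA Europe", "ldap-eu", QA_EU, ("QA Europe",)),
    Assignment("Lab server", "ldap-lab", "", ("Sandbox",)),   # empty DN: everyone
]
print(effective_workspaces("ldap-eu", [QA_BERLIN], ASSIGNMENTS, PARENT_OF))
```

The reason string recorded for each workspace makes it easy to spot assignments that grant access to an entire server because the Group DN field was left empty.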
To edit LDAP server or group assignments:
Edit an LDAP group, for example to change the workspace assignment, or to delete the server/groups assignment completely.
In LDAP GROUPS & SERVERS, select an item and click . Edit the details as needed.
|Delete||In LDAP GROUPS & SERVERS, select an item and click . Note that the server/groups assignment to the workspace will be removed. Users included in the server/groups will no longer have access to the workspace.|
Note the following considerations regarding users when you enable the LDAP integration:
|Change the LDAP setting||All existing users, excluding email@example.com, are deleted when you enable or disable the integration with LDAP.|
|Passwords||You will not be able to change an LDAP user's password from UFT Mobile.|
|Delete users||Deleting a user removes the user from the UFT Mobile list of users. However, if the user is included in an LDAP server or group that is assigned to a specific workspace, the user will be added again when they log in.|
|Assign LDAP servers or groups to workspaces||
If a workspace has one or more LDAP servers or groups assigned to it:
|Change LDAP server||If you change LDAP servers, the users from the original server will still be displayed in the UFT Mobile user list. However, if they are not included in the new server, they will not be able to access UFT Mobile. To remove users from the original server from UFT Mobile, delete them manually. Alternatively, if the Remove users when syncing option is enabled in Administration Settings, perform a sync to remove the users. Note that synchronization will also add all new LDAP users.|
|Appium||Appium anonymous access is not supported with LDAP.|
|Max number of users||Adding up to 5000 LDAP users is supported.|
|Shared spaces/UFT Mobile as a managed service||When using UFT Mobile as a managed service provided by an MSP or when shared spaces are enabled: If the Allow access to all users option was enabled at the global level in the LDAP integration settings, the Remove button will not be displayed and you will not be able to remove users from the Users page. (The deletion of users is disabled, because the removal of users would only be effective until the next login.)|
To use UFT Mobile with secure LDAP (SSL), you will need your LDAP certificate. The section below is relevant for on-premises deployments of UFT Mobile. For UFT Mobile SaaS, open a service request to install your LDAP certificate on the server. For details, see Check the LDAP configuration and obtain a certificate.
- Copy the certificate to the UFT Mobile server machine. Obtain your certificate from your IT administrator or use a third-party tool to obtain a certificate. For details, see Check the LDAP configuration and obtain a certificate.
- Import the LDAP certificate to the truststore on the server machine. The following is a sample keytool command for importing the certificate file:
  keytool -import -trustcacerts -keystore "C:\Program Files\UFT Mobile Server\server\Security\keystore\trustStoreHpmc" -storepass password -alias myCA -file c:\hpldapsec.der
- Upload the certificate to your machine by running the uploadCertificates.bat/sh script from the /Security folder.
- Restart the UFT Mobile server.
- In the UFT Mobile Lab Management console, select Administration Settings in the Administration tab, and scroll down to the LDAP Integration section. Enable the SSL Mode setting.
- Restart the UFT Mobile server.
You can verify the LDAP configuration and obtain your LDAP certificate by using a third-party LDAP browser tool, such as JXplorer.
- Download JXplorer.
- In JXplorer, select File > Connect. Enter the details for LDAP host, port, security level for connection, User DN, and password. Click OK.
- Add the certificate to your trusted keystore.
- Select Security > Trusted Servers and CAs. Select the certificate and click View Certificate. Click Copy to File.
If you encounter errors, there is either a problem with the parameters that you provided for the connection, or with the LDAP configuration itself.