Use UFT Mobile with LDAP

If your organization uses LDAP, you can integrate UFT Mobile with your LDAP server. Users can then access UFT Mobile with their LDAP credentials, without the need for the administrator to first add them to the list of authorized users.

Enable LDAP on the UFT Mobile server

In the UFT Mobile Lab console, in Administration , select the SETTINGS tab and in the left panel, click LDAP Integration. Enable LDAP mode, and add at least one LDAP server configuration. For details, see settings.

Back to top

Add and assign users

Only authorized users, who are included in the LDAP directory and in the UFT Mobile list of users, can work with UFT Mobile. Users can be added to the list of users and assigned to workspaces in the following ways:

Login

The first time that an LDAP user logs in to UFT Mobile, they are added to the list of users.

If a workspace has a server/ group assignment, users included in the server/groups are automatically assigned to the workspace whenever they log in. For details on server/group assignment, see Assign LDAP server or groups to workspaces.

When the Assign users to default workspace setting is enabled in Administration Settings, a user will be assigned to the Default workspace:

  • If there is no LDAP server/group assigned to the Default workspace OR
  • If an LDAP server/group is assigned to the Default workspace, and the user is included in the server/groups.
Import Use the import users file option, in the User Management script. The script assigns user roles and can also be used to assign users to workspaces.
Manually

Provided that no server or group has been assigned to the workspace, add an LDAP user (using the LDAP username) in the USERS section and assign them access to the required workspaces. You can also assign an existing user to a workspace, by selecting the user from the full list of users under Lab Management.

For details on server/group assignment, see Assign LDAP server or groups to workspaces.

Synchronization

Perform a sync to add the relevant users to the list of users. Then, provided that no server or group has been assigned to a workspace, you can manually assign users to a workspace. For details on server/group assignment, see Assign LDAP server or groups to workspaces.

To perform a sync:
In Lab Management, in the USERS section of the page, click the sync button . New users are added to the users list.

Note: Adding up to 5000 LDAP users is supported.


Wait for the synchronization to complete and for UFT Mobile to issue a message that the synchronization has succeeded. By default, synchronization does not remove users that no longer exist on the LDAP server. To remove all obsolete users during a synchronization, Set the Remove users when synching to Yes on the Admin Settings > LDAP integration page.

When users are added by first login in or via synchronization, the user receives a User role. After the initial login, an administrator can change the role to Shared space Admin or Workspace admin.

Back to top

Assign LDAP server or groups to workspaces

Instead of having to manage permissions for each user separately, the administrator can grant an entire LDAP group access to relevant devices and applications in the organization. If you have enabled LDAP mode, you can assign an LDAP server or groups to specific workspaces. For example, you can configure UFT Mobile to allow all users from the QA Europe LDAP group to use the QA Europe workspace.

Note: Server/group assignment is not supported when shared spaces are enabled.

To assign LDAP groups to workspaces, either the User Group membership attribute, or the Group membership attribute must be specified in the LDAP server configuration in the administration settings. For details, see Administration Settings.

To assign a server or group to a workspace:

  1. In Administration , click the MANAGEMENT tab.
  2. Select Lab Management in the left panel, and click the ALL USERS tab. Alternatively, to assign an LDAP server or groups to a specific workspace, select the workspace in the left panel, and then click the USERS tab.
  3. In the LDAP GROUPS & SERVERS section, click + to assign an LDAP server or groups to workspaces:
    1. Provide a display name so that you can identify the group or server assignment. For example, QA Europe.
    2. Select the LDAP server to be assigned.
    3. Provide the LDAP Group DN (optional). For multiple groups, use a semi-colon to separate the entries. If left empty, all users included in the server will be able to access the workspace.
    4. Tip: If there is a group hierarchy in the LDAP server, you can assign the parent group. All nested sub-groups will be included.

    5. Select the workspace/s to which to assign the server or groups.

Users will automatically be added to the table in the USERS section after first login. The workspaces to which they are assigned are synched with each login, and displayed in the USERS section. For details, see Add and assign users. If there are server or group assignments, users cannot be manually assigned or unassigned to workspaces.

Back to top

To edit LDAP server or group assignments:

Edit an LDAP group, for example to change the workspace assignment, or to delete the server/ groups assignment completely.

Edit

In LDAP GROUPS & SERVERS, select an item and click . Edit the details as needed.

Delete In LDAP GROUPS & SERVERS, select an item and click . Note that the server/groups assignment to the workspace will be removed. Users included in the server/groups will no longer have access to the workspace.

Back to top

Considerations when using LDAP Users

Note the following considerations regarding users when you enable the LDAP integration:

Change the LDAP setting All existing users, excluding admin@default.com, are deleted when you enable or disable the integration with LDAP.
Passwords You will not be able to change an LDAP user's password from UFT Mobile.
Delete users Deleting a user removes the user from the list of the UFT Mobile list of users. However, if the user is included in an LDAP server or group that is assigned to a specific workspace, the user will be added again when they log in.
Assign LDAP servers or groups to workspaces

If a workspace has one or more LDAP servers or groups assigned to it:

  • The administrator will not be able to manually assign a user to the workspace.
  • Users that are not included in the LDAP server/ groups (except for shared space admin users) will not be able to access the workspace

Change LDAP server If you change LDAP servers, the users from the original server will still be displayed in the UFT Mobile user list. However, if they are not included in the new server, they will not be able to access UFT Mobile. To remove users from the original server from UFT Mobile, you delete them manually. Alternatively, if the Remove users when syncing option is enabled in Administration Settings, perform a sync to remove the users. Note that synchronization will also add all new LDAP users.
Appium Appium anonymous access is not supported with LDAP.
Max number of users Adding up to 5000 LDAP users is supported.
Shared spaces/ UFT Mobile as a managed service When using UFT Mobile as a managed service provided by an MSP or when shared spaces are enabled: If the Allow access to all users option was enabled at the global level in the LDAP integration settings, the Remove button will not be displayed and you will not be able to remove users from the Users page. (The deletion of users is disabled, because the removal of users would only be effective until the next log in.)

Back to top

Use secure LDAP on the UFT Mobile server

To use UFT Mobile with secure LDAP (SSL), you will need your LDAP certificate. The section below is relevant for on-premises deployments of UFT Mobile. For UFT Mobile SaaS, open a service request to install your LDAP certificate on the server. For details, see Check the LDAP configuration and obtain a certificate.

  1. Copy the certificate to the UFT Mobile server machine. Obtain your certificate from your IT administrator or use a third-party tool to obtain a certificate. For details, see Check the LDAP configuration and obtain a certificate.
  2. Import the LDAP certificate to the truststore on the server machine. The following is a sample keytool command for importing the certificate file:

    keytool -import -trustcacerts -keystore "C:\Program Files\UFT Mobile Server\server\Security\keystore\trustStoreHpmc" -storepass password -alias myCA -file c:\hpldapsec.der

  3. Upload the certificate to your machine by running the uploadCertificates.bat/sh script from the /Security folder.
  4. Restart the UFT Mobile server.
  5. In the UFT Mobile Lab Management console, select Administration Settings in the Administration tab, and scroll down to the LDAP Integration section. Enable the SSL Mode setting.
  6. Restart the UFT Mobile server.

Back to top

Check the LDAP configuration and obtain a certificate

You can verify the LDAP configuration and obtain your LDAP certificate by using a third-party LDAP browser tool, such as JXplorer.

  1. Download JXplorer.
  2. In JXplorer, select File > Connect. Enter the details for LDAP host, port, security level for connection, User DN, and password. Click OK.

  3. Add the certificate to your trusted keystore.
  4. Select Security > Trusted Servers and CAs. Select the certificate and click View Certificate. Click Copy to File.

    If you encounter errors, there is either a problem with the parameters that you provided for the connection, or with the LDAP configuration itself.

Back to top

See also: