Cisco Cisco Intelligent Automation for Cloud 4.2 Installation Guide
36
Optional Tasks
Enabling Directory Integration
5.
In the Role List field at the bottom of the optional mappings list, enter mapping attributes for role list that assigns the
user to one of the six Prime Service Catalog user groups that you created in the directory. using the convention used
for the example scenario (variables for the example appear in boldface):
user to one of the six Prime Service Catalog user groups that you created in the directory. using the convention used
for the example scenario (variables for the example appear in boldface):
expr:#memberOf#=(CN=(.*),OU=Groups,OU=Austin,OU=Texas,OU=USA,DC=notexist,DC=local)?($1):
6.
Test the mappings using the Data Test Mapping feature.
Note:
For instructions on enabling and using the Data Test Mapping feature, see “Testing Mappings” in “Directory
Integration and API,” in the Cisco Prime Service Catalog 10.1 Integration Guide. The latest version of the technical
reference guides can be found here:
reference guides can be found here:
http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-service-catalog/products-technical-refer
ence-list.html
ence-list.html
Enabling Directory Integration
Before you enable directory integration, be sure you have all user groups configured for use with Cisco IAC. If you do not
have all user groups configured before you enable directory integration, you will not be able to log back in to Prime
Service Catalog.
have all user groups configured before you enable directory integration, you will not be able to log back in to Prime
Service Catalog.
1.
Choose Administration from the module drop-down list, then click Personalize Your Site.
2.
On the Customizations page, scroll down to the Common Settings area and turn the Enable Directory Integration
setting On.
setting On.
3.
Click the Update button at the bottom of the page.
Administrative On-boarding of User Accounts
1.
The Organization Technical Administrator (OTA) navigates to the User Management page which allows him to add
users to the organization.
users to the organization.
2.
The OTA searches the directory (directory integration for the person search event has previously been configured
and tested) for people to assign to his provisioning organization. Once the person is found, he is assigned an
appropriate Server Owner role.
and tested) for people to assign to his provisioning organization. Once the person is found, he is assigned an
appropriate Server Owner role.
3.
In Administration > Directories > Events, configure a login event. The login event should have one operation: to
perform Single Sign-on or External Authentication, as desired.
perform Single Sign-on or External Authentication, as desired.
4.
Start a new browser session (if using external authentication) or try a single sign-on entry to the Service Catalog,
and try to login as a new user, testing the just configured Login event.
and try to login as a new user, testing the just configured Login event.
Setting Global Variable to store OpenStack Keypairs
Keypairs are required when ordering an OpenStack instances, it can be stored in shared path location to be retrieved by
Process Orchestrator on demand during instances creation in order to access instances with private key authentication.
This can be either a local path or a share path over network as long as Process orchestrator has proper reachability to
that shared path. To configure the Global Variable from Cisco Process Orchestrator:
Process Orchestrator on demand during instances creation in order to access instances with private key authentication.
This can be either a local path or a share path over network as long as Process orchestrator has proper reachability to
that shared path. To configure the Global Variable from Cisco Process Orchestrator:
1.
Go to Definitions > Global Variables.
2.
Right-click on File Share Path.
3.
Select Properties.
4.
In general tab change the “value” field to preferred location.