Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.1 Fix Pack 3.
Administration Guide
Configuring the Dynamic Workload Console
Configuring the Dynamic Workload Console for Single Sign-On
Single Sign-On (SSO) is a method of access control that allows a user to authenticate once and gain access to the resources of multiple applications sharing the same user registry.

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.1 Fix Pack 3.
- Fix pack readmes
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
    - Launching in context with the Dynamic Workload Console
      Create a URL to launch the Dynamic Workload Console and have it directly open the results of a particular query.
    - Configuring access to the Dynamic Workload Console
    - Configuring the Dynamic Workload Console for Single Sign-On
      Single Sign-On (SSO) is a method of access control that allows a user to authenticate once and gain access to the resources of multiple applications sharing the same user registry.
      - How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On
        Configure the Dynamic Workload Console and the master domain manager for Single Sign-On.
      - How to configure the Dynamic Workload Console 10.1 Fix Pack 3 and a master domain manager 9.4.x for Single Sign-On
        How to configure the Dynamic Workload Console 10.1 Fix Pack 3 and a master domain manager 9.4.x for Single Sign-On.
    - Configuring Dynamic Workload Console to use SSL
    - Configuring Dynamic Workload Console to connect to a remote SAP system
      You can create a new SAP connection.
    - Customizing your global settings
      How to customize global settings.
    - Disable the What-if Analysis
    - Configuring High Availability
      How to configure, change, and share your settings repository.
    - Configuring Dynamic Workload Console to view reports
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Configuring the Dynamic Workload Console for Single Sign-On

Single Sign-On (SSO) is a method of access control that allows a user to authenticate once and gain access to the resources of multiple applications sharing the same user registry.

This means that using SSO you can run queries on the plan or manage object definitions on the database accessing the engine without authenticating, automatically using the same credentials you used to log in to the Dynamic Workload Console.

The same is true when working with the Self-Service Catalog and Self-Service Dashboards apps from a mobile device. If the Dynamic Workload Console has been configured to use SSO, then these apps automatically use the same credentials used to log in to the Dynamic Workload Console.

After the installation completes, you can configure the Dynamic Workload Console and the HCL Workload Automation engine to use SSO. To do this, they must share the same LDAP user registry.

The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP - see Configuring a user registry for more details.

If you configured Dynamic Workload Console to use Single Sign-On with an engine, then, the following behavior is applied:

If engine connection has the user credentials specified in its definitions: These credentials are used. This behavior regards also engine connections that are shared along with their user credentials.
If the user credentials are not specified in the engine connection: The credentials you specified when logging in to Dynamic Workload Console are used. This behavior regards also shared engine connections having unshared user credentials.

Before you proceed, ensure that the contents of the ltpa.keys file are identical on both the Dynamic Workload Console and the master domain manager. The file is located in the following path:

usr/servers/engineServers/resources/security

For more information about how to verify and correct this setting, see How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On.