sharon4pal
Obsidian | Level 7

Dear Team,

I want to integrate Active Directory with the SAS server. I request you to please share the complete steps or documentation. The SAS server is installed & configured on the Windows platform.

Thanks

Sharafadeen

AlanC
Barite | Level 11

See this post: http://savian.blogspot.com/2012/03/sas-and-ldap.html

Also, SAS has had issues on volume with LDAP. If you have more than 50K entries, you may encounter it, but they may have fixed it since I encountered it.

https://github.com/savian-net
sharon4pal
Obsidian | Level 7

Dear Team,

I want to integrate Active Directory automation with the SAS server. I request you to please share the complete steps or documentation. The SAS server is installed & configured on the Windows platform.

Thanks

Sharafadeen

SimonDawson
SAS Employee

This is covered in the appendix of the SAS® 9.4 Intelligence Platform: Security Administration Guide

If you were after a point and click solution check out the Metacoda Identity Sync plugin

JuanS_OCS
Amethyst | Level 16

Hello @sharon4pal,

Did you have the chance to take a look at the suggestion provided by @AlanC?

I would also like to know more about what you mean by the integration with AD. There are a few things to consider:

- Do you mean to have the users in sync with the AD? I would take a look at the scripts here http://documentation.sas.com/?docsetId=bisecag&docsetTarget=n0l2hp5m00a1z2n1b598q4pknfih.htm&docsetV...

- Do you mean that a user connecting with a desktop application, such as DI or EG, can connect without providing a password? The name of this technique is IWA, which stands for Integrated Windows Authentication. This is better done during the server installation, just by activating the check box for IWA in one of the first screens of the Configuration stages.

- Do you mean the same, but for the Web applications? This is a bit more complex: Single Sign-On, based on web authentication and IWA. Please do this, in order:

   Web Authentication: http://documentation.sas.com/?docsetId=bimtag&docsetTarget=n1bhp608f0hsoen10i1vi0p9l5f7.htm&docsetVe...

   IWA for Web: http://documentation.sas.com/?docsetId=bisecag&docsetTarget=n1d1zo1jsf2o0en1ehu4c4simfky.htm&docsetV...

Or is it anything else?

FYI, if the metadata and workspace servers are installed on a Windows server, the SAS metadata and workspace servers will be able to authenticate automatically against your AD, without further steps and only if you selected Host authentication during the installation, as long as you specify the domain\user in the user account (no password is required).

sharon4pal
Obsidian | Level 7

Hello Juan,

We don't want to go to metadata to start creating the users and capabilities manually. We want to create different OU groups (SAS analyst, investigator, etc.) on LDAP and integrate these groups into sasv9_usermod.cfg, so that when a user logs in to SAS AML from the web, the page automatically displays their home page based on the capabilities defined for each group.

Does SAS have this capability?

Thank you.

JuanS_OCS
Amethyst | Level 16

Hello @sharon4pal,

Yes, it does. Please refer to my first link for full documentation and example scripts.

However, please note you have nothing to do with the sasv9_usermod.cfg file; just create the scripts. I recommend launching the scripts with your SAS Batch server if you have one.

The objectives are:

1- Create your shadow groups in the SAS metadata, that will match your key groups coming from AD. This will be a 1-1 relationship.

2- Have a script that will download the AD users and groups into a CSV file

3- A script that will convert the data in the CSV file into the canonical tables expected by SAS and described in the documentation shared with you in the 1st link.

4- Another script that will "download" the users and groups from SAS Metadata into canonical SAS tables and will compare them with the AD canonical tables. The same script, afterwards, will apply modifications (add, update or remove) depending on the diffs.

SAS provides examples to do steps 1 to 4 on the same referred link.
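
Added example, not part of the original post and not SAS's sample code: the compare step (step 4 above) sketched in Python, with two guards a sync job should have before it removes identities from metadata. The CSV layout, the `keyid` column, the `load` and `plan_sync` functions, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample extracts (not from the thread): one row per identity.
AD_CSV = """keyid,name,groups
S-1-5-21-1111,asmith,SAS Analysts
S-1-5-21-2222,bjones,SAS Investigators
S-1-5-21-3333,cdoe,SAS Analysts;SAS Investigators
"""
META_CSV = """keyid,name,groups
S-1-5-21-1111,asmith,SAS Analysts
S-1-5-21-2222,bjones,SAS Analysts
S-1-5-21-4444,dlee,SAS Analysts
local-admin,sasadm,SAS Administrators
"""


def load(text):
    """Parse an extract into {keyid: (name, frozenset_of_groups)}."""
    return {
        row["keyid"]: (row["name"], frozenset(filter(None, row["groups"].split(";"))))
        for row in csv.DictReader(io.StringIO(text))
    }


def plan_sync(ad, meta, protected=(), max_delete_ratio=0.25):
    """Plan the changes that make metadata match AD, or refuse if unsafe."""
    # Guard 1: a failed or truncated directory query must not read as
    # "every account was removed from the directory".
    if not ad:
        raise ValueError("empty AD extract: refusing to plan deletions")
    adds = sorted(k for k in ad if k not in meta)
    # Keying on a stable id makes a rename or group move an update,
    # not a delete followed by an add.
    updates = sorted(k for k in ad if k in meta and ad[k] != meta[k])
    # Identities that exist only in metadata by design are never removed.
    deletes = sorted(k for k in meta if k not in ad and k not in protected)
    # Guard 2: cap how much of the metadata a single run may remove.
    if meta and len(deletes) / len(meta) > max_delete_ratio:
        raise ValueError(f"{len(deletes)} of {len(meta)} identities would be removed")
    return {"add": adds, "update": updates, "delete": deletes}


if __name__ == "__main__":
    print(plan_sync(load(AD_CSV), load(META_CSV), protected={"local-admin"}))
```

Reviewing the returned plan (or logging it) before applying it gives an audit trail of which group memberships, and therefore which capabilities, changed in each run.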

Skywalker70
Calcite | Level 5

Hi Juan, when first approaching the SAS Management Console, where does the administrator actually run the sample code?

I was admin in 2015 and have not touched the SAS admin since. I am not sure where one would start to initiate the metadata and AD groups. Can you tell me where to start first? Thanks.

JuanS_OCS
Amethyst | Level 16

Hello @Skywalker70,

I would like to advise you to open a new post. You can refer to this post if you wish, but it is also important that you give some information about your environment (version, maintenance, etc.) and a bit more detailed question, perhaps.

 

 
