Architecting, installing and maintaining your SAS environment

How to integrate the Active Directory with SAS server

Occasional Contributor
Posts: 14

Dear Team,

I want to integrate Active Directory with the SAS server, so I request that you please share the complete steps or documentation. The SAS server is installed and configured on the Windows platform.

Thanks

Sharafadeen


Accepted Solutions
Solution
‎05-16-2018 05:41 AM
Trusted Advisor
Posts: 1,746

Re: How to integrate the Active Directory Automation with SAS server

Posted in reply to sharon4pal

All Replies
Regular Contributor
Posts: 150

Re: How to integrate the Active Directory with SAS server

Posted in reply to sharon4pal

See this post: http://savian.blogspot.com/2012/03/sas-and-ldap.html

Also, SAS has had issues on volume with LDAP. If you have more than 50K entries, you may encounter it, but they may have fixed it since I encountered it.

Occasional Contributor
Posts: 14

How to integrate the Active Directory Automation with SAS server

Posted in reply to sharon4pal

Dear Team,

I want to integrate Active Directory Automation with the SAS server, so I request that you please share the complete steps or documentation. The SAS server is installed and configured on the Windows platform.

Thanks

Sharafadeen

SAS Employee
Posts: 61

Re: How to integrate the Active Directory Automation with SAS server

Posted in reply to sharon4pal

This is covered in the appendix of the SAS® 9.4 Intelligence Platform: Security Administration Guide.

If you were after a point-and-click solution, check out the Metacoda Identity Sync plugin.

Trusted Advisor
Posts: 1,746

Re: How to integrate the Active Directory with SAS server

[ Edited ]
Posted in reply to sharon4pal

Hello @sharon4pal,

did you have the chance to take a look at the suggestion provided by @AlanC?

I would also like to know more about what you mean by the integration with AD. There are a few things to consider:

- Do you mean to have the users in sync with the AD? I would take a look at the scripts here: http://documentation.sas.com/?docsetId=bisecag&docsetTarget=n0l2hp5m00a1z2n1b598q4pknfih.htm&docsetV...

- Do you mean that a user, when connecting with a desktop application such as DI or EG, can connect without providing a password (the name of this technique is IWA, which stands for Integrated Windows Authentication)? This is better done during the server installation, just by activating the check box for IWA in one of the first screens of the Configuration stages.

- Do you mean the same, but for the Web applications? This is a bit more complex: Single Sign On, based on web authentication and IWA. Please do this, in order:

   Web Authentication: http://documentation.sas.com/?docsetId=bimtag&docsetTarget=n1bhp608f0hsoen10i1vi0p9l5f7.htm&docsetVe...

   IWA for Web: http://documentation.sas.com/?docsetId=bisecag&docsetTarget=n1d1zo1jsf2o0en1ehu4c4simfky.htm&docsetV...

Or is it anything else?

FYI, if the metadata and workspace server is installed on a Windows server, the SAS metadata and workspace servers will be able to authenticate automatically against your AD, without further steps and only if you selected Host authentication during the installation, as long as in the user account you specify the domain\user in the account (no password is required).

Occasional Contributor
Posts: 14

Re: How to integrate the Active Directory with SAS server

Posted in reply to JuanS_OCS

Hello Juan,

 

We don't want to go to metadata to start creating the users and capabilities manually. We want to create different OU groups (SAS analyst, investigator, etc.) on LDAP and integrate these groups into sasv9_usermod.cfg, so that when a user logs in to SAS AML from the web, the page automatically displays their home page based on the capabilities defined for each group.

Does SAS have this capability?

Thank you.

Trusted Advisor
Posts: 1,746

Re: How to integrate the Active Directory with SAS server

Posted in reply to sharon4pal

Hello @sharon4pal,

 

yes, it does. Please refer to my first link for full documentation and example scripts.

However, please note you have nothing to do with the sasv9_usermod.cfg file; just create the scripts. I recommend launching the scripts with your SAS Batch server if you have one.

The objectives are:

1- Create your shadow groups in the SAS metadata that will match your key groups coming from AD. This will be a 1-1 relationship.

2- Have a script that will download the AD users and groups into a CSV file.

3- A script that will convert the data in the CSV file into the canonical tables expected by SAS and described in the documentation shared with you in the 1st link.

4- Another script that will "download" the users and groups from SAS Metadata into canonical SAS tables and will compare them with the AD canonical tables. The same script, afterwards, will apply modifications (add, update or remove) depending on the diffs.

SAS provides examples to do steps 1 to 4 on the same referred link.

 

☑ This topic is solved.
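
The four objectives listed in the last reply, sketched in Python as an added example (not SAS's sample scripts and not code from any poster in this thread): it reads a constructed AD export CSV, maps AD groups 1-1 to shadow groups, and diffs the result against a constructed metadata snapshot. The CSV column names, group names, user records and the `max_remove_ratio` guard are assumptions for illustration; the guard stops an incomplete AD export from being read as a mass removal of users.

```python
import csv
import io

# Constructed AD export (step 2): one row per user/group membership.
AD_CSV = """sAMAccountName,displayName,group
asmith,Alice Smith,SAS Analyst
bjones,Bob Jones,Investigator
bjones,Bob Jones,SAS Analyst
cdoe,Carol Doe,SAS Analyst
eroe,Eve Roe,Domain Users
"""

# Hypothetical 1-1 mapping of AD groups to shadow groups in metadata (step 1).
SHADOW_GROUPS = {"SAS Analyst": "AML Analysts", "Investigator": "AML Investigators"}

# Constructed snapshot of identities currently held in metadata (step 4 extract).
METADATA = {
    "asmith": {"name": "Alice Smith", "groups": {"AML Analysts"}},
    "bjones": {"name": "Bob Jones", "groups": {"AML Investigators"}},
    "dlee": {"name": "Dan Lee", "groups": {"AML Analysts"}},
}

def load_ad(text):
    """Step 3: normalise CSV rows to {account: {name, groups}}; unmapped groups are ignored."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        shadow = SHADOW_GROUPS.get(row["group"].strip())
        if shadow is None:
            continue  # membership in an AD group that has no shadow group
        key = row["sAMAccountName"].strip().lower()
        user = users.setdefault(key, {"name": row["displayName"].strip(), "groups": set()})
        user["groups"].add(shadow)
    return users

def plan_changes(ad, meta, max_remove_ratio=0.5):
    """Step 4: diff both sides; refuse a plan that removes most of the metadata users."""
    remove = sorted(set(meta) - set(ad))
    if meta and len(remove) / len(meta) > max_remove_ratio:
        raise ValueError(f"{len(remove)} of {len(meta)} users would be removed; check the AD export")
    return {
        "add": sorted(set(ad) - set(meta)),
        "update": sorted(k for k in set(ad) & set(meta) if ad[k] != meta[k]),
        "remove": remove,
    }

if __name__ == "__main__":
    print(plan_changes(load_ad(AD_CSV), METADATA))
```

The `remove` list is the part that revokes access for accounts no longer in the mapped AD groups, so review it before applying and keep the plan as an audit record.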
