cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
sathya66
Barite | Level 11 sathya66
Barite | Level 11
Go to Solution

connect SASApp by using SAS inernal account via a shared AD account

Posted 02-03-2021 09:02 AM (1296 views)

All,

we have a user with defaultauth (ex:testuser) which will connect to SAS. we wanted to use this user to be shared across all the internal accounts to connect to SAS (like a batch account, no need to know the user what is the account behind) .

ex: test1@saspw connect to SAS metadata and later connect SASApp via testuser without asking the credentials again for SASApp.

We created a group with testuser account and added this internal account user to it but while connecting to SAS App, it is asking credentials (we don’t want to share with users).

I tried multiple ways but no luck.

Is there a way to connect SAS compute via programme or any other method. we have one batch ID for oracleauth and lsfauth for batch jobs, looking for the same for defaultauth.

Something like

options metaserver="testcompute.com" 

        metaport=8592             

    metauser="testuser"   

    metapass="XXXX

    metarepository="Foundation"

    metaprotocol=BRIDGE;

1 ACCEPTED SOLUTION

Accepted Solutions
SASKiwi
PROC Star SASKiwi
PROC Star

Re: connect SASApp by using SAS inernal account via a shared AD account

Posted 02-03-2021 01:58 PM (1189 views)  |   In reply to sathya66

If you want some users to use token authentication and others to use their own userids then the only solution I can think of would be to create a second workspace server context, say SASApp2, for the new token authentication and leave all users using their own userids on SASApp.

View solution in original post

5 REPLIES 5
jcFranklin
SAS Employee jcFranklin
SAS Employee

Re: connect SASApp by using SAS inernal account via a shared AD account

Posted 02-03-2021 09:36 AM (1262 views)  |   In reply to sathya66

You can setup token authentication on the workspace server context and use the testuser account. This way all the server processes for that workspace server context will now run under testuser and not the user account. The user signed in only needs to sign in once with their userid/password and they never need to know the userid/pass for testuser. However, you would have to setup testuser as an external account that is known to the OS in order to launch a workspace server session. An internal account cannot launch a workspace server process. 

 

SAS Token Authentication

 

How-to Configure SAS Token Authentication

sathya66
Barite | Level 11 sathya66
Barite | Level 11

Re: connect SASApp by using SAS inernal account via a shared AD account

Posted 02-03-2021 10:40 AM (1222 views)  |   In reply to jcFranklin
Thanks,
I am aware of this but don't want to go this way as other users need to run their jobs on their own and we need audit for them. we want to do this for few uses not for all SAS users.
0 Likes
SASKiwi
PROC Star SASKiwi
PROC Star

Re: connect SASApp by using SAS inernal account via a shared AD account

Posted 02-03-2021 01:58 PM (1191 views)  |   In reply to sathya66

If you want some users to use token authentication and others to use their own userids then the only solution I can think of would be to create a second workspace server context, say SASApp2, for the new token authentication and leave all users using their own userids on SASApp.

jcFranklin
SAS Employee jcFranklin
SAS Employee

Re: connect SASApp by using SAS inernal account via a shared AD account

Posted 02-03-2021 06:07 PM (1167 views)  |   In reply to SASKiwi

What @SASKiwi said is correct. You can create a second server context, enable token authentication on that context, then grant permissions to a group or users that you want to always run workspace server processes under the testuser id.

0 Likes
CarmineVerrell
SAS Employee CarmineVerrell
SAS Employee

Re: connect SASApp by using SAS inernal account via a shared AD account

Posted 02-03-2021 09:45 AM (1253 views)  |   In reply to sathya66

Every time you start up a workspace server or compute server you need to provided credentials of a user that exists on the workspace server machine. If you try to use an internal account (which can’t start a W/S session) then SAS allows prompts for the USER and PW for a user like the testuser account every time.  

There isn't any built-in way to secure a password in the manner you are requesting and then share one account with other users that only have internal accounts. Token auth might work or Normally we would provide users with their own defaultAuth account and if they need to execute something on the server in a similar manner we would use the SAS Stored process server as it uses a shared credential call SASSRV.

 

Hope that helps.

 

Carmine

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 5 replies
  • ‎02-03-2021 09:02 AM
  • 1298 views
  • 7 likes
  • 4 in conversation