Welcome
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.3.
Administration Guide
Configuring the Dynamic Workload Console
Configuring the Dynamic Workload Console for Single Sign-On
Single Sign-On (SSO) is a method of access control that allows a user to authenticate once and gain access to the resources of multiple applications sharing the same user registry.

Product requirements
This section contains links to the HCL Workload Automation Product Requirements.
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with HCL Workload Automation
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.3.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
    - Launching in context with the Dynamic Workload Console
      Create a URL to launch the Dynamic Workload Console and have it directly open the results of a particular query.
    - Configuring access to the Dynamic Workload Console
    - Configuring the Dynamic Workload Console for Single Sign-On
      Single Sign-On (SSO) is a method of access control that allows a user to authenticate once and gain access to the resources of multiple applications sharing the same user registry.
      - How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On
        Configure the Dynamic Workload Console and the master domain manager for Single Sign-On.
      - How to configure the Dynamic Workload Console 10.2.3 and a master domain manager 9.4.x for Single Sign-On
        How to configure the Dynamic Workload Console 10.2.3 and a master domain manager 9.4.x for Single Sign-On.
    - Configuring Dynamic Workload Console to use SSL
    - Configuring the Dynamic Workload Console to connect to an HCL Universal Orchestrator engine
    - Configuring Dynamic Workload Console to connect to a remote SAP system
      You can create a new SAP connection.
    - Customizing your global settings
      How to customize global settings.
    - Disable the What-if Analysis
    - Configuring High Availability
      How to configure, change, and share your settings repository.
    - Configuring Dynamic Workload Console to view reports
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Configuring secure communications
    HCL Workload Automation ensures your business operations are always secure with robust, authenticated, and encrypted connections powered by the Secure Sockets Layer (SSL) protocol.
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation
HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
Messages and Codes
Glossary
Notices

Configuring the Dynamic Workload Console for Single Sign-On

Single Sign-On (SSO) is a method of access control that allows a user to authenticate once and gain access to the resources of multiple applications sharing the same user registry.

This means that using SSO you can run queries on the plan or manage object definitions on the database accessing the engine without authenticating, automatically using the same credentials you used to log in to the Dynamic Workload Console.

The same is true when working with the Self-Service Catalog and Self-Service Dashboards apps from a mobile device. If the Dynamic Workload Console has been configured to use SSO, then these apps automatically use the same credentials used to log in to the Dynamic Workload Console.

After completing the installation, you can set up Single Sign-On (SSO) for the Dynamic Workload Console and master domain manager using either an LTPA registry or a basic user registry. To achieve this, Dynamic Workload Console and master domain manager need to use the same user registry. Additionally, ensure that the contents of the ltpa.keys file are identical on both the Dynamic Workload Console and the master domain manager. The ltpa.keys file is located in the following path:

usr/servers/engineServers/resources/security

The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP - see Configuring a user registry for more details.

If you configured Dynamic Workload Console to use Single Sign-On with an engine, then, the following behavior is applied:

If engine connection has the user credentials specified in its definitions: These credentials are used. This behavior regards also engine connections that are shared along with their user credentials.
If the user credentials are not specified in the engine connection: The credentials you specified when logging in to Dynamic Workload Console are used. This behavior regards also shared engine connections having unshared user credentials.

For detailed information about how to configure SSO using an LTPA token or an MP-JWT token, see How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On.

To add feedback about this topic, select the following checkbox:

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners Four, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used.