Once the identity mappings are stored, you can authorize users to access the automated sign-on sessions. Access can be assigned to individuals or groups.
In the MSS Administrative Console, click Assign Access.
Verify the Domain. Enter the name of a user or a group (or enter *) in the Search box. Click Search.
Select a user or group, and check the automated sign-on sessions that they are entitled to access.
Next to the selected session, click Edit. Select the source of the mainframe user name.
NOTE:If you are using a secondary LDAP server, select the method you set for the Search filter.
Derive from UPN
Get LDAP attribute value from authenticating directory
Get LDAP attribute value from secondary directory using search filter
Do not use Literal value for production. See Help for more information.
If you configured more than one DCAS server, select or verify the one to use for this assignment.
Click OK.
To confirm your entries, click Currently Assigned in the navigation panel.
Now, you are ready for the final step: 12. Deploy automated sign-on sessions to users