Whenever new users are added to the portal server's LDAP user registry and those users need to have login access to Tivoli® Enterprise Portal or other participating SSO application such as, IBM® Dashboard Application Services Hub, you must create a Tivoli Enterprise Portal user ID for the user and map it to their LDAP distinguished name.
The Tivoli Enterprise Portal user ID should also be assigned Tivoli Enterprise Portal permissions and the monitoring applications that can be accessed. See Managing user IDs and Administer Users. The only Tivoli Enterprise Portal users who do not need any permissions or monitoring application assignments, are monitoring dashboard users who do not use the Tivoli Enterprise Portal client when authorization policies are used.
Scripting can be employed to maintain automated synchronization of LDAP user registry and Tivoli Enterprise Portal users. Scripts for managing the LDAP server's user accounts can ensure that modifications to user accounts (for example, users added or deleted) are also made for the corresponding Tivoli Enterprise Portal user ID via the tacmd createuser and tacmd deleteuser commands. Run your user synchronization script as a scheduled action as frequently as your environment requires to ensure your Tivoli Enterprise Portal and LDAP user registry users remain synchronized.