Configuring SSO and LDAP
Deployment Manager supports LDAP and Single Sign-On (SSO) authentication, and assigns users roles based on the configuration settings in the active directory and SSO.
When a role other than SuperAdmin is specified for an operator, an application must also be provided. The applications that the operator needs must be mapped to the accessibleApplications property when you configure LDAP and SSO. This property extends application access to each operator who does not have SuperAdmin privileges. To assign the attribute to an operator, you must create the accessibleApplications property and give the unauthenticated user access to the property:
1. Create a new ruleset and create the property accessibleApplications. Set the class as Data-Admin-Operator-ID.
2. Create a new application and add the ruleset above in the application stack.
3. Create a new Access Group and provide access to the new application that you create in step 2.
4. Add the Access Group to the Access Group Name field in the Browser Requestor Type screen.
5. Configure the LDAP or SSO authentication service to map attributes to the accessibleApplications property, as shown in the following figures:
To map applications externally, set the dynamic system setting PegaDevopsShared • deploymentmanager/security/external_apps_mapping/enabled to True. If this setting is False, the applications updated for operators in Deployment Manager take precedence, and the applications listed in the LDAP/SSO directory are not applied.