LinkedIn
Copied!

Table of Contents

Configuring SSO and LDAP

Version:

Only available versions of this content are shown in the dropdown

Deployment Manager supports LDAP and Single Sign-On (SSO) authentication, and assigns user roles based on the configuration settings in the active directory and SSO.

In Deployment Manager, the users or operators (other than operators with the SuperAdmin role) must have an application associated with the user. For SSO or LDAP integration, you must map the applications for the operator to the accessibleApplications property. This property extends application accesses for each operator without SuperAdmin privileges. When using accessibleApplications property to specify multiple applications, the application must be comma separated (for example: App1, App2).

    To assign the attribute to an operator, perform the following steps:

  1. Create a new ruleset and create the property accessibleApplications. Set the class as Data-Admin-Operator-ID.

  2. Create a new application and only add the new ruleset created in Step 1 to the application stack.

    Adding an application ruleset to the application stack.
    Adding an application ruleset to the application stack.
  3. Create a new Access Group and provide access to the new application that you create in step 2. Provide this access group minimal access as this is assigned to an unauthenticated user.

    Limit the privileges for the access group.
    Limit the privileges for the access group.
  4. Add the Access Group to the Access Group Name field in the Browser Requestor Type screen.

    Identify the system name and modify the access group for Browser Requestor Type.
    Identify the system name and modify the access group for Browser
                                Requestor Type.
  5. Configure the LDAP or SSO authentication service to map attributes to the accessibleApplications property, as shown in the following figures:

    LDAP mapping

    Mapping LDAP attributes to the accessibleApplications property.
    Mapping LDAP attributes to the accessibleApplications
                                property.

    SSO mapping

    Mapping LDAP attributes to the accessibleApplications property.
    Mapping LDAP attributes to the accessibleApplications
                                property.
  6. To map applications externally, set dynamic system setting deploymentmanager/security/external_apps_mapping/enabled to True. If this is set to False, applications updated for operators in Deployment Manager will take precedence, and applications mentioned in the LDAP/SSO directory will not be applicable. For more information, see Dynamic system settings.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.