Deployment Manager supports LDAP and Single Sign-On (SSO) authentication, and assigns user roles based on the configuration settings in the active directory and SSO.
- Create a new ruleset and create the property accessibleApplications. Set the class as Data-Admin-Operator-ID.
- Create a new application and only add the new ruleset created in Step 1 to the application stack.
- Create a new Access Group and provide access to the new application that you create in step 2. Provide this access group minimal access as this is assigned to an unauthenticated user.
- Add the Access Group to the Access Group Name field in the Browser Requestor Type screen.
- Configure the LDAP or SSO authentication service to map attributes to the
accessibleApplications property, as shown in the
- To map applications externally, set dynamic system setting deploymentmanager/security/external_apps_mapping/enabled to True. If this is set to False, applications updated for operators in Deployment Manager will take precedence, and applications mentioned in the LDAP/SSO directory will not be applicable. For more information, see Dynamic system settings.
To assign the attribute to an operator, perform the following steps: