Setting Identity Management

The Identity Management section of Properties allows defining an overriding identity management system (IDSYS) that authenticates the users of the specific tenant or domain.

Authenticating at this more granular level enables enforcing context-specific control, such as to:

  • Authenticating client's users so they can be granted access within the customer's designated tenant area only

  • Authenticate a managed group of users for a specific domain, such as for a business function, division, or region

See https://perifery.atlassian.net/wiki/spaces/public/pages/2443816807.

Defining a New IDSYS

By default, every tenant inherits the root configuration, and every domain inherits from its parent tenant. Create a custom configuration by disabling (unchecking) Inherit

Important

Once Inherit is disabled, all connection to IDSYS changes occurring at the higher levels is ended until Inherit is enabled again.

From the Templates drop-down list, copy existing definitions to alter. Changes do not affect the originals.

Tip

Select Revert to restore the last saved script if enabling Inherit removed the initial script.

Scripts are validated in real time:

Testing the Identity Configuration

To test the identity management configuration, click Test, enter a user name and password pair, and then click Test.

Best Practice

Test invalid as well as valid user name and password pairs.

Defining SSO (SAML)

With Gateway 7.1 and Content UI 7.0 and higher, enable single sign-on for tenants and/or domains to access the Content UI through a third-party identity provider. See https://perifery.atlassian.net/wiki/spaces/public/pages/2443816877. (v7.0)

The starter SAML script populates in the editing box when SAML is selected from Templates. Once the entity field is assigned and is updated with values from an identity provider (such as Google), the Identity Provider (IdP) Resources below the box has meaningful values that help complete the SSO setup with IdP:

Open the link, Service Provider Attributes. Open the Service Provider Metadata XML file if the IdP cannot import.

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.