Using identity federation makes setting up groups and users faster, and it allows users to sign in to StorageGRID using familiar credentials.
You can configure identity federation in the Grid Manager if you want admin groups and users to be managed in another system such as Active Directory, Azure Active Directory (Azure AD), OpenLDAP, or Oracle Directory Server.
- You are signed in to the Grid Manager using a supported web browser.
- You have specific access permissions.
- You are using Active Directory, Azure AD, OpenLDAP, or Oracle Directory Server as the identity provider.

  Note: If you want to use an LDAP v3 service that is not listed, contact technical support.
- If you plan to use OpenLDAP, you must configure the OpenLDAP server. See Guidelines for configuring an OpenLDAP server.
- If you plan to enable single sign-on (SSO), you have reviewed the requirements and considerations for single sign-on.
- If you plan to use Transport Layer Security (TLS) for communications with the LDAP server, the identity provider is using TLS 1.2 or 1.3. See Supported ciphers for outgoing TLS connections.
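
One way to check the TLS prerequisite above before you configure the identity source. This is an added example, not StorageGRID code: it assumes the LDAP server accepts implicit TLS (LDAPS) on port 636, and `ldap.example.com` and the helper names are placeholders.

```python
import socket
import ssl

# The page requires the identity provider to use TLS 1.2 or 1.3.
REQUIRED = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def pinned_context(version, cafile=None):
    """Client context that verifies the server and allows one TLS version only."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port=636, cafile=None, timeout=5.0):
    """Try one handshake per required version; map version name -> cipher or None."""
    results = {}
    for version in REQUIRED:
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                ctx = pinned_context(version, cafile)
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[version.name] = tls.cipher()[0]
        except OSError:  # refused, timed out, handshake or certificate failure
            results[version.name] = None
    return results


def meets_requirement(results):
    """True when at least one of TLS 1.2 / 1.3 completed a verified handshake."""
    return any(cipher is not None for cipher in results.values())


if __name__ == "__main__":
    # Placeholder host name (assumption); replace with your LDAP server.
    outcome = probe("ldap.example.com")
    for name, cipher in outcome.items():
        print(f"{name}: {cipher or 'handshake failed'}")
    print("meets TLS requirement:", meets_requirement(outcome))
```

Pass `cafile` when the LDAP server certificate is issued by a private CA. The cipher printed is the one this Python client negotiated, so still compare the server's configuration against the supported ciphers list.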
You can configure an identity source for the Grid Manager if you want to import groups from another system such as Active Directory, Azure AD, OpenLDAP, or Oracle Directory Server. You can import the following types of groups:
- Admin groups. The users in admin groups can sign in to the Grid Manager and perform tasks, based on the management permissions assigned to the group.
- Tenant user groups for tenants that don't use their own identity source. Users in tenant groups can sign in to the Tenant Manager and perform tasks, based on the permissions assigned to the group in the Tenant Manager. See Create tenant account and Use a tenant account for details.

- Select CONFIGURATION > Access control > Identity federation.