using-identity-federation.adoc

permalink	sidebar	keywords	summary
admin/using-identity-federation.html	sidebar	how to use identity federation, how to use federated groups with Grid Manager	Using identity federation makes setting up groups and users faster, and it allows users to sign in to StorageGRID using familiar credentials.

Use identity federation

Using identity federation makes setting up groups and users faster, and it allows users to sign in to StorageGRID using familiar credentials.

Configure identity federation for Grid Manager

You can configure identity federation in the Grid Manager if you want admin groups and users to be managed in another system such as Active Directory, Azure Active Directory (Azure AD), OpenLDAP, or Oracle Directory Server.

Before you begin

• You are signed in to the Grid Manager using a supported web browser.

• You have specific access permissions.

• You are using Active Directory, Azure AD, OpenLDAP, or Oracle Directory Server as the identity provider.

  Note	If you want to use an LDAP v3 service that is not listed, contact technical support.

• If you plan to use OpenLDAP, you must configure the OpenLDAP server. See Guidelines for configuring an OpenLDAP server.

• If you plan to enable single sign-on (SSO), you have reviewed the requirements and considerations for single sign-on.

• If you plan to use Transport Layer Security (TLS) for communications with the LDAP server, the identity provider is using TLS 1.2 or 1.3. See Supported ciphers for outgoing TLS connections.

About this task

You can configure an identity source for the Grid Manager if you want to import groups from another system such as Active Directory, Azure AD, OpenLDAP, or Oracle Directory Server. You can import the following types of groups:

• Admin groups. The users in admin groups can sign in to the Grid Manager and perform tasks, based on the management permissions assigned to the group.

• Tenant user groups for tenants that don’t use their own identity source. Users in tenant groups can sign in to the Tenant Manager and perform tasks, based on the permissions assigned to the group in the Tenant Manager. See Create tenant account and Use a tenant account for details.

Enter the configuration

Steps

1. Select CONFIGURATION > Access control > Identity federation. ../_include/identity_federation_configure_steps.adoc

Force synchronization with the identity source

../_include/identity_federation_force_sync_steps.adoc

Disable identity federation

../_include/identity_federation_disable_steps.adoc

Guidelines for configuring an OpenLDAP server

../_include/identity_federation_openldap_guidelines.adoc