Using identity federation makes setting up tenant groups and users faster, and it allows tenant users to sign in to the tenant account using familiar credentials.
You can configure identity federation for the Tenant Manager if you want tenant groups and users to be managed in another system such as Active Directory, Azure Active Directory (Azure AD), OpenLDAP, or Oracle Directory Server.
- You are signed in to the Tenant Manager using a supported web browser.
- You belong to a user group that has the Root access permission.
- You are using Active Directory, Azure AD, OpenLDAP, or Oracle Directory Server as the identity provider.

  Note: If you want to use an LDAP v3 service that is not listed, contact technical support.
- If you plan to use OpenLDAP, you must configure the OpenLDAP server. See Guidelines for configuring OpenLDAP server.
- If you plan to use Transport Layer Security (TLS) for communications with the LDAP server, the identity provider must be using TLS 1.2 or 1.3. See Supported ciphers for outgoing TLS connections.
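
The TLS prerequisite above can be checked from an admin workstation before you enter any values. The following is an added example, not part of the StorageGRID documentation or tooling; it assumes the identity provider exposes LDAPS (implicit TLS) on port 636 and does not cover STARTTLS, and the script name and host name in the usage comment are placeholders.

```python
import socket
import ssl
import sys

# Protocol versions the prerequisite list requires of the identity provider.
ACCEPTED = {"TLSv1.2", "TLSv1.3"}

def build_context(ca_file=None):
    """Client context that verifies the certificate and refuses TLS < 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def evaluate(version, cipher_name):
    """Return (ok, message) for a negotiated protocol version string."""
    if version in ACCEPTED:
        return True, f"OK: negotiated {version} with {cipher_name}"
    return False, f"FAIL: negotiated {version!r}; TLS 1.2 or 1.3 is required"

def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Complete a TLS handshake with an LDAPS listener and report the result."""
    ctx = build_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return evaluate(tls.version(), tls.cipher()[0])
    except ssl.SSLCertVerificationError as exc:
        # The CA that issued the LDAP server certificate is not trusted here.
        return False, f"FAIL: certificate not trusted: {exc.verify_message}"
    except ssl.SSLError as exc:
        # Typical when the server only offers protocol versions below TLS 1.2.
        return False, f"FAIL: TLS handshake rejected: {exc}"
    except OSError as exc:
        return False, f"FAIL: cannot reach {host}:{port}: {exc}"

if __name__ == "__main__":
    # Usage (placeholder names): python check_ldaps_tls.py ldap.example.com [port] [ca.pem]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    ok, message = probe_ldaps(host, port, ca)
    print(message)
    sys.exit(0 if ok else 1)
```

A certificate failure here usually means the CA certificate for the LDAP server still has to be obtained before TLS can be used for the connection.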
Whether you can configure an identity federation service for your tenant depends on how your tenant account was set up. Your tenant might share the identity federation service that was configured for the Grid Manager. If you see this message when you access the Identity Federation page, you can’t configure a separate federated identity source for this tenant.
When you configure identity federation, you provide the values StorageGRID needs to connect to an LDAP service.
- Select ACCESS MANAGEMENT > Identity federation.