diff --git a/docs/assets/images/admin/project-mapping/configuration-hw-mapping.png b/docs/assets/images/admin/project-mapping/configuration-hw-mapping.png new file mode 100644 index 000000000..642ce86e7 Binary files /dev/null and b/docs/assets/images/admin/project-mapping/configuration-hw-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/configuration-ldap-mapping.png b/docs/assets/images/admin/project-mapping/configuration-ldap-mapping.png new file mode 100644 index 000000000..cf32ce9da Binary files /dev/null and b/docs/assets/images/admin/project-mapping/configuration-ldap-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/configuration-oauth-mapping.png b/docs/assets/images/admin/project-mapping/configuration-oauth-mapping.png new file mode 100644 index 000000000..cf62caec4 Binary files /dev/null and b/docs/assets/images/admin/project-mapping/configuration-oauth-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/configuration-variables.png b/docs/assets/images/admin/project-mapping/configuration-variables.png new file mode 100644 index 000000000..2bb6ac173 Binary files /dev/null and b/docs/assets/images/admin/project-mapping/configuration-variables.png differ diff --git a/docs/assets/images/admin/project-mapping/create-hw-mapping.png b/docs/assets/images/admin/project-mapping/create-hw-mapping.png new file mode 100644 index 000000000..638851e4c Binary files /dev/null and b/docs/assets/images/admin/project-mapping/create-hw-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/create-ldap-mapping.png b/docs/assets/images/admin/project-mapping/create-ldap-mapping.png new file mode 100644 index 000000000..620911f2b Binary files /dev/null and b/docs/assets/images/admin/project-mapping/create-ldap-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/create-mapping.png b/docs/assets/images/admin/project-mapping/create-mapping.png deleted file mode 100644 index 3945e5d7f..000000000 Binary files a/docs/assets/images/admin/project-mapping/create-mapping.png and /dev/null differ diff --git a/docs/assets/images/admin/project-mapping/create-oauth-mapping.png b/docs/assets/images/admin/project-mapping/create-oauth-mapping.png new file mode 100644 index 000000000..f70ad08dc Binary files /dev/null and b/docs/assets/images/admin/project-mapping/create-oauth-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/edit-hw-mapping.png b/docs/assets/images/admin/project-mapping/edit-hw-mapping.png new file mode 100644 index 000000000..e5f0c44fb Binary files /dev/null and b/docs/assets/images/admin/project-mapping/edit-hw-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/edit-mapping.png b/docs/assets/images/admin/project-mapping/edit-mapping.png index ab2900740..274239f32 100644 Binary files a/docs/assets/images/admin/project-mapping/edit-mapping.png and b/docs/assets/images/admin/project-mapping/edit-mapping.png differ diff --git a/docs/assets/images/admin/project-mapping/group-to-project-mappings.png b/docs/assets/images/admin/project-mapping/group-to-project-mappings.png new file mode 100644 index 000000000..f53014cb5 Binary files /dev/null and b/docs/assets/images/admin/project-mapping/group-to-project-mappings.png differ diff --git a/docs/assets/images/admin/project-mapping/project-mapping-empty.png b/docs/assets/images/admin/project-mapping/project-mapping-empty.png index 51cc85808..1ca48fd36 100644 Binary files a/docs/assets/images/admin/project-mapping/project-mapping-empty.png and b/docs/assets/images/admin/project-mapping/project-mapping-empty.png differ diff --git a/docs/assets/images/admin/project-mapping/project-mappings.png b/docs/assets/images/admin/project-mapping/project-mappings.png deleted file mode 100644 index 1c4e68568..000000000 Binary files a/docs/assets/images/admin/project-mapping/project-mappings.png and /dev/null differ diff --git a/docs/setup_installation/admin/configure-project-mapping.md b/docs/setup_installation/admin/configure-project-mapping.md new file mode 100644 index 000000000..4844620b0 --- /dev/null +++ b/docs/setup_installation/admin/configure-project-mapping.md @@ -0,0 +1,79 @@ +# Configure group to project mapping + +## Introduction +A group-to-project mapping lets you automatically add all members of a Hopsworks group to a project, eliminating the need to add each user individually. To create a mapping, you simply select a Hopsworks group, choose the project it should be linked to, and assign the role that its members will have within that project. + +Once a mapping is created, project membership is controlled through Hopsworks group membership. Any updates made to the Hopsworks group—such as adding or removing users—will automatically be reflected in the project membership. For example, if a user is removed from the Hopsworks group, they will also be removed from the corresponding project. + +## Prerequisites + +1. Hopsworks group mapping sync enabled. This can be done by setting the variable ```hw_group_mapping_sync_enabled=true```. +See [Cluster Configuration](../variables.md) on how to change variable values in Hopsworks. +
+ + Enable Hopsworks mapping + +
Enable Hopsworks mapping
+
+ +If you can not find the variable ```hw_group_mapping_sync_enabled``` create it by clicking on **New variable**. + +
+ + Create Hopsworks mapping enabled variable + +
Create Hopsworks group mapping enabled variable
+
+ +### Step 1: Create a mapping +To create a mapping go to **Cluster Settings** by clicking on your name in the top right +corner of the navigation bar and choosing *Cluster Settings* from the dropdown menu. +In the _Project mapping_ tab, you can create a new mapping by clicking on _Create new mapping_. + +
+ + Project mapping tab + +
Project mapping
+
+ +This will take you to the create mapping page shown below +
+ + Create mapping + +
Create mapping
+
+ +Here you can enter your Hopsworks group and map it to a project from the _Project_ drop down list. +You can also choose the _Project role_ users will be assigned when they are added to the project. + +Finally, click on _Create mapping_ and go back to mappings. You should see the newly created mapping(s) as shown below. + +
+ + Project mappings + +
Project mappings
+
+ +### Step 2: Edit a mapping + +From the list of mappings click on the edit button (:material-pencil:). This will open a popup that will allow you to change the _group_, _project name_, and _project role_ of a mapping. + +
+ + Edit mapping + +
Edit mapping
+
+ +!!!Warning + Updating a mapping's _group_ or _project name_ will remove all members of the previous group from the project. + +### Step 3: Delete a mapping + +To delete a mapping click on the delete button. + +!!!Warning + Deleting a mapping will remove all members of that group from the project. \ No newline at end of file diff --git a/docs/setup_installation/admin/ldap/configure-project-mapping.md b/docs/setup_installation/admin/ldap/configure-project-mapping.md index 48da1f627..9d74129af 100644 --- a/docs/setup_installation/admin/ldap/configure-project-mapping.md +++ b/docs/setup_installation/admin/ldap/configure-project-mapping.md @@ -2,18 +2,30 @@ ## Introduction -A group to project mapping allows you to add members of your LDAP group to a project without having to -add each user manually. A mapping is created by specifying a group from LDAP that will be mapped to a project in -Hopsworks and what role the members of that group will be assigned in the project. +A group-to-project mapping lets you automatically add all members of an LDAP group to a project, eliminating the need to add each user individually. To create a mapping, you simply select the LDAP group, choose the project it should be linked to, and assign the role that its members will have within that project. -Once a mapping is created, project membership is managed by LDAP group membership. Any change to group membership in LDAP will be reflected -in Hopsworks i.e. removing a user from the LDAP group will also remove them from the project. +Once a mapping is created, project membership is controlled through LDAP group membership. Any updates made to the LDAP group—such as adding or removing users—will automatically be reflected in Hopsworks. For example, if a user is removed from the LDAP group, they will also be removed from the corresponding project. ## Prerequisites 1. A server configured with LDAP or Kerberos. See [Server Configuration for Kerberos](../configure-server/#server-configuration-for-kerberos) and [Server Configuration for LDAP](../configure-server/#server-configuration-for-ldap) for instructions on how to do this. 2. LDAP group mapping sync enabled. This can be done by setting the variable ```ldap_group_mapping_sync_enabled=true```. See [Cluster Configuration](../variables.md) on how to change variable values in Hopsworks. +
+ + Enable ldap mapping + +
Enable ldap mapping
+
+ +If you can not find the variable ```ldap_group_mapping_sync_enabled``` create it by clicking on **New variable**. + +
+ + Create ldap mapping enabled variable + +
Create ldap mapping enabled variable
+
### Step 1: Create a mapping To create a mapping go to **Cluster Settings** by clicking on your name in the top right @@ -29,20 +41,20 @@ In the _Project mapping_ tab, you can create a new mapping by clicking on _Creat This will take you to the create mapping page shown below
- - Create mapping + + Create mapping
Create mapping
-Here you can choose multiple Remote groups from your LDAP groups and map them to a project from the _Project_ drop down list. +Here you can choose from your LDAP groups and map them to a project from the _Project_ drop down list. You can also choose the _Project role_ users will be assigned when they are added to the project. Finally, click on _Create mapping_ and go back to mappings. You should see the newly created mapping(s) as shown below.
- - Project mappings + + Project mappings
Project mappings
@@ -59,8 +71,7 @@ Finally, click on _Create mapping_ and go back to mappings. You should see the n ### Step 2: Edit a mapping -From the list of mappings click on the edit button (:material-pencil:). This will make the row editable and allow you to change -the _remote group_, _project name_, and _project role_ of a mapping. +From the list of mappings click on the edit button (:material-pencil:). This will open a popup that will allow you to change the _remote group_, _project name_, and _project role_ of a mapping.
diff --git a/docs/setup_installation/admin/oauth2/configure-project-mapping.md b/docs/setup_installation/admin/oauth2/configure-project-mapping.md new file mode 100644 index 000000000..d718c6523 --- /dev/null +++ b/docs/setup_installation/admin/oauth2/configure-project-mapping.md @@ -0,0 +1,84 @@ +# Configure OAuth2 group to project mapping + +## Introduction +A group-to-project mapping lets you automatically add all members of an OAuth2 group to a project, eliminating the need to add each user individually. To create a mapping, you simply select an OAuth2 group, choose the project it should be linked to, and assign the role that its members will have within that project. + +Once a mapping is created, project membership is controlled through OAuth2 group membership. Any updates made to the OAuth2 group—such as adding or removing users—will automatically be reflected in Hopsworks. For example, if a user is removed from the OAuth2 group, they will also be removed from the corresponding project. + +## Prerequisites +1. A server configured with OAuth2. See [Register Identity Provider in Hopsworks](../create-client) for instructions on how to do this. +2. OAuth2 group mapping sync enabled. This can be done by setting the variable ```oauth_group_mapping_sync_enabled=true```. +See [Cluster Configuration](../variables.md) on how to change variable values in Hopsworks. +
+ + Enable OAuth2 mapping + +
Enable OAuth2 mapping
+
+ +If you can not find the variable ```oauth_group_mapping_sync_enabled``` create it by clicking on **New variable**. + +
+ + Create OAuth2 mapping enabled variable + +
Create OAuth2 mapping enabled variable
+
+ +### Step 1: Create a mapping +To create a mapping go to **Cluster Settings** by clicking on your name in the top right +corner of the navigation bar and choosing *Cluster Settings* from the dropdown menu. +In the _Project mapping_ tab, you can create a new mapping by clicking on _Create new mapping_. + +
+ + Project mapping tab + +
Project mapping
+
+ +This will take you to the create mapping page shown below +
+ + Create mapping + +
Create mapping
+
+ +Here you can enter your OAuth2 group and map it to a project from the _Project_ drop down list. +You can also choose the _Project role_ users will be assigned when they are added to the project. + +Finally, click on _Create mapping_ and go back to mappings. You should see the newly created mapping(s) as shown below. + +
+ + Project mappings + +
Project mappings
+
+ +!!!Note + Make sure the group names from your OAuth2 provider match the one you entered above. + + If your identity provider uses a claim name other than ```groups``` or ```roles``` to represent group information, be sure to specify that claim name in the **Group Claim** field when setting up your identity provider. + +### Step 2: Edit a mapping + +From the list of mappings click on the edit button (:material-pencil:). This will open a popup that will allow you to change the _remote group_, _project name_, and _project role_ of a mapping. + +
+ + Edit mapping + +
Edit mapping
+
+ +!!!Warning + Updating a mapping's _remote group_ or _project name_ will remove all members of the previous group from the project. + +### Step 3: Delete a mapping + +To delete a mapping click on the delete button. + +!!!Warning + Deleting a mapping will remove all members of that group from the project. \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index c81851ed3..32b3a9bca 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -229,6 +229,7 @@ nav: - Project Management: setup_installation/admin/project.md - Configure Alerts: setup_installation/admin/alert.md - IAM Role Chaining: setup_installation/admin/roleChaining.md + - Configure Project Mapping: setup_installation/admin/configure-project-mapping.md - Monitoring: - Services Dashboards: setup_installation/admin/monitoring/grafana.md - Export metrics: setup_installation/admin/monitoring/export-metrics.md @@ -239,6 +240,7 @@ nav: - Register an Identity Provider: setup_installation/admin/oauth2/create-client.md - Create Okta Client: setup_installation/admin/oauth2/create-okta-client.md - Create Azure Client: setup_installation/admin/oauth2/create-azure-client.md + - Configure Project Mapping: setup_installation/admin/oauth2/configure-project-mapping.md - Configure LDAP/Kerberos: - Configure LDAP: setup_installation/admin/ldap/configure-ldap.md - Configure Kerberos: setup_installation/admin/ldap/configure-krb.md