Configuring active directory as an authentication source

Learn to configure Active Directory as an authentication source in Analytics Content Hub.

About this task

Analytics Content Hub can be configured to use Active Directory (AD) authentication while the Analytics Content Hub server is domain-joined and part of the Active Directory.

Note: The Active Directory integration must be configured before users log in to Analytics Content Hub. If a user previously logged in to Analytics Content Hub before Active Directory was configured, contact the Customer Success team at IBM Support.
Important:

The first user to log in to Analytics Content Hub is the Super User. Ensure that the first user is the intended Super User before you complete the steps.

Procedure

  1. In the Services window, stop the AnalyticsContentHub-node1 service.
  2. In File Explorer, navigate to <install directory>\AnalyticsContentHub\app\node1\tomcat\bin.
    1. Right-click on the tomcat9w.exe file, then click Create shortcut.
    2. Drag the newly created tomcat9w.exe - Shortcut to the desktop.
  3. Right-click on the tomcat9w.exe - Shortcut.
    1. Click Properties.
    2. On the Shortcut tab, append //ES//AnalyticsContentHub-node1 to the Target and add a space before the appended string. Then click OK.
  4. Open the tomcat9w.exe - Shortcut from the desktop. Then click Yes.
    1. Open the Java tab.
    2. In the Java Options section, add -Dspring.profiles.active=ad_auth to the end of the list.
    3. Click OK.
  5. In the Services window, start the AnalyticsContentHub-node1 service.

Results

Analytics Content Hub is now configured to use Active Directory for authentication.

What to do next

Map your Active Directory (AD) Groups to Analytics Content Hub. In Analytics Content Hub you can create and update roles, and assign them to objects. Analytics Content Hub comes with a set of capabilities that are the building blocks of roles. The default Analytics Content Hub roles are:
  • Admin
  • Author
  • Consumer
  • Owner

Roles are a collection of capabilities and are used to control access to the various workspaces and pages that are created. Capabilities are used to restrict access to different aspects of Analytics Content Hub's functions. Follow the steps to map AD Groups to Analytics Content Hub roles.

Note: Create Groups in AD for admins, consumers, and authors and add the users to the appropriate groups before beginning.
  1. In Analytics Content Hub, click the avatar in the upper right corner and click Manage Analytics Content Hub.
  2. Click Security > Roles.
  3. Click the Admin row in the pane on the right and the Admin Details for the role opens.
    1. Click the Edit icon Edit in the AD Users/Groups to get this role section.
    2. Enter the AD Group information that is in the DOMAIN\GROUPNAME syntax.
    3. Click the checkmark icon checkmark to save the changes.
    4. Click outside the Role Details window or the X in the upper right corner to close the Role Details window.
  4. Repeat step 3 for the other roles.
  5. In the Services window, start the AnalyticsContentHub-node1 service.

Users in the Active Directory Groups for admins are now assigned an admin role in Analytics Content Hub. Users in other mapped groups are also granted dynamic access to those various roles.