Configuring Red Hat OpenShift authentication on IBM Cloud

You can log in to IBM Security QRadar® Suite Software by using Red Hat® OpenShift® Kubernetes Service (ROKS) authentication if your installation meets the required conditions for Red Hat OpenShift authentication on IBM Cloud®.

Before you begin

Understand the information in Users and accounts.

About this task

You must be a Red Hat OpenShift administrator for the cluster.

If you did not set ROKS authentication during installation, complete step 1.

Warning: Do not add a user with the username admin to your identity provider, as that might cause issues with other services on your cluster.
Important: Non-admin users are unable to configure Red Hat OpenShift or SAML authentication.

Procedure

  1. Enable ROKS authentication in QRadar Suite Software.
    1. Log in to the cluster's Red Hat OpenShift console.
    2. In the project field, select the namespace where QRadar Suite Software is installed.
    3. Click Installed Operators.
    4. Click the IBM Cloud Pak for Security operator.
    5. On the Threat Management tab, click threatmgmt.
    6. Click YAML.
    7. Change the roksAuthentication parameter value to true.
    8. Click Save.

    Some sequences and pods must restart, so it might take approximately 20 minutes for the update to complete.

  2. Enable users to log in to QRadar Suite Software with ROKS authentication by following the instructions that are provided in IBM Cloud documentation, Controlling user access with IBM Cloud IAM and Kubernetes RBAC.
    1. Grant users access to the IBM Cloud account that is associated with the QRadar Suite Software cluster.
      After you invite users to add them to the account, they receive an email with an invitation to access IBM Cloud.
    2. Set IBM Cloud IAM platform access and service access policies in the IBM Cloud console or command-line interface so that users can work with clusters in IBM Cloud Kubernetes Service.
      Platform access role
      Grants access to IBM Cloud Kubernetes Service so that users can manage infrastructure resources such as clusters, worker nodes, worker pools, Ingress application load balancers, and storage. For QRadar Suite Software users, select the Viewer option for both platform access and resource group access.
      Service access role
      Grants access to the Kubernetes API from within a cluster so that users can manage Kubernetes resources such as pods, deployments, services, and namespaces. For QRadar Suite Software users, select the Reader option.
      Important: When you select roles for the access policy, you must assign platform and service roles separately.
  3. Add each user in the Red Hat OpenShift cluster and associate the user with their IAM ID.
    1. Add a user in the Red Hat OpenShift cluster by typing the following command.
      oc create user "IAM#<email_address>" --full-name="<full_name>"
    2. Add the IAM identity of the user in the Red Hat OpenShift cluster by typing the following command.
      oc create identity "IAM:<iam_ID>"
    3. Map the user to their IAM identity in the Red Hat OpenShift cluster by typing the following command.
      oc create useridentitymapping "IAM:<iam_ID>" "IAM#<email_address>"
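Step 3 wrapped into one script, as an added example that is not part of the IBM documentation: it runs the three oc commands for a single user, skips objects that already exist, and then confirms that the identity resolves to the expected user. The input checks, the "create only if missing" logic and the use of `oc get identity ... -o jsonpath='{.user.name}'` for the post-check are assumptions of this example, not steps from the procedure; it assumes `oc` is already logged in as a cluster administrator.

```shell
#!/bin/sh
# Added example, not from the IBM documentation: map one IBM Cloud IAM user
# into the ROKS cluster (user, identity, mapping) and verify the result.
# Assumes `oc` is already logged in as a cluster administrator.
set -eu

# Create the user, identity and mapping for one IAM user.
# Arguments: <email_address> <iam_ID> <full_name>
# Each object is created only if it does not already exist, so re-running
# the function for the same user is safe (assumed idempotency logic).
roks_map_user() {
    email=$1; iam_id=$2; full_name=$3
    # Reject malformed input before it reaches the cluster.
    case $email in
        *' '*|'') echo "invalid email: '$email'" >&2; return 1 ;;
        *@*.*) ;;
        *) echo "invalid email: '$email'" >&2; return 1 ;;
    esac
    case $iam_id in
        *' '*|'') echo "invalid IAM ID: '$iam_id'" >&2; return 1 ;;
    esac
    user="IAM#$email"      # user name format from the procedure
    ident="IAM:$iam_id"    # identity name format from the procedure

    oc get user "$user" >/dev/null 2>&1 \
        || oc create user "$user" --full-name="$full_name"
    oc get identity "$ident" >/dev/null 2>&1 \
        || oc create identity "$ident"
    # Map only when the identity is not already bound to this user.
    if [ "$(oc get identity "$ident" -o jsonpath='{.user.name}')" != "$user" ]; then
        oc create useridentitymapping "$ident" "$user"
    fi
}

# Post-check: the identity must resolve to the expected user.
# Arguments: <email_address> <iam_ID>; returns 0 when the mapping is correct.
roks_check_mapping() {
    actual=$(oc get identity "IAM:$2" -o jsonpath='{.user.name}')
    [ "$actual" = "IAM#$1" ]
}

# Stand-alone use: ./roks_map_user.sh <email_address> <iam_ID> <full_name>
if [ "$#" -eq 3 ]; then
    roks_map_user "$@"
    roks_check_mapping "$1" "$2" && echo "mapped IAM:$2 -> IAM#$1"
fi
```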

What to do next

Verify ROKS authentication as the initial identity provider by logging in as the initial user to QRadar Suite Software.

If you configure ROKS authentication as an extra identity provider, verify it by assigning ROKS authentication to a QRadar Suite Software account and adding the users that you enabled for ROKS authentication.