You configure user authentication and choose an authentication method. Then, the configuration procedure depends on the web application server that you use.
You must configure authentication after the installer deploys the MobileFirst Server administration web applications in the web application server.
You must map the roles to the corresponding sets of users. The mfpmonitor role can view data but cannot change any data. The following tables list MobileFirst roles and functions for production servers.
Administrator | Deployer | Operator | Monitor | |
---|---|---|---|---|
Java EE security role. | mfpadmin | mfpdeployer | mfpoperator | mfpmonitor |
Deploy an application. | Yes | Yes | No | No |
Deploy an adapter. | Yes | Yes | No | No |
Administrator | Deployer | Operator | Monitor | |
---|---|---|---|---|
Java EE security role. | mfpadmin | mfpdeployer | mfpoperator | mfpmonitor |
Configure runtime settings. | Yes | Yes | No | No |
Administrator | Deployer | Operator | Monitor | |
---|---|---|---|---|
Java EE security role. | mfpadmin | mfpdeployer | mfpoperator | mfpmonitor |
Upload new MobileFirst application. | Yes | Yes | No | No |
Remove MobileFirst application. | Yes | Yes | No | No |
Upload new MobileFirst adapter. | Yes | Yes | No | No |
Remove MobileFirst adapter. | Yes | Yes | No | No |
Turn on or off application authenticity testing for an application. | Yes | Yes | No | No |
Change properties on MobileFirst application status: Active, Active Notifying, and Disabled. | Yes | Yes | Yes | No |
Basically, all roles can issue GET requests, the mfpadmin, mfpdeployer, and mfpmonitor roles can also issue POST and PUT requests, and the mfpadmin and mfpdeployer roles can also issue DELETE requests.
Administrator | Deployer | Operator | Monitor | |
---|---|---|---|---|
Java EE security role. | mfpadmin | mfpdeployer | mfpoperator | mfpmonitor |
GET requests
|
Yes | Yes | Yes | Yes |
POST and PUT requests
|
Yes | Yes | Yes | No |
DELETE requests
|
Yes | Yes | No | No |
Administrator | Deployer | Operator | Monitor | |
---|---|---|---|---|
Java EE security role. | mfpadmin | mfpdeployer | mfpoperator | mfpmonitor |
Disable the specific device, marking the state as lost or stolen so that access from any of the applications on that device is blocked. | Yes | Yes | Yes | No |
Disable a specific application, marking the state as disabled so that access from the specific application on that device is blocked. | Yes | Yes | Yes | No |
If you choose to use an authentication method through a user repository such as LDAP, you can configure the MobileFirst Server administration so that you can use users and groups with the user repository to define the Access Control List (ACL) of the MobileFirst Server administration. This procedure depends on the type and version of the web application server that you use.