Authentication

When you sign in to Decision Center, you are associated with one of the predefined roles. Each role determines the parts of the user interface that are available in the Decision Center console. Different roles are assigned different levels of security, and the security access of users, or groups of users, can be controlled by assigning them to specific roles.

Granting access to Decision Center can be implemented by using the ldapRegistry feature in WebSphere Liberty to integrate your user registry in the LDAP directory.

A user registry stores user account information, such as user ID and password, and retrieves information about users and groups for security-related functions. LDAP directories are the most commonly used source of user and group data storage.

Note: Operational Decision Manager supports single sign-on (SSO) with OpenID Connect. Security Assertion Markup Language (SAML) is not supported.

You can create as many groups as you need to organize your users in Decision Center. When you create a group, or import a group from the LDAP server, you place the users into groups, and then assign the groups to the roles. It is not possible to map a user to a role directly.

For more information about configuration properties of ldapRegistry, see LDAP User Registry (ldapRegistry) External link opens a new window or tab in the WebSphere Liberty documentation.