Configuring provisioning for Red Hat OpenShift
Use this task to provision users from Verify to a Red Hat OpenShift application.
Before you begin
- A Red Hat OpenShift Instance URL and token.
- A Red Hat OpenShift user with a cluster-admin role.
- A Red Hat OpenShift REST API server that is running on port 443.
- A Red Hat OpenShift server with a CA signed certificate that is installed.
About this task
Provisioning provides the following features.
- Create new users
- New users that are created through Verify are also created in the Red Hat OpenShift application.
- Delete users
- Deactivating the user or disabling the user's access to the application through Verify deletes the user in the Red Hat OpenShift application.
- Modify user profile
- Updates made to the user's profile through Verify are pushed to the Red Hat OpenShift application.
- User suspend and restore
- User suspend and restore is not supported in Red Hat OpenShift applications.
- User synchronization and remediation
- The Red Hat OpenShift application supports user synchronization, remediation, and group
synchronization features.
User synchronization fetches all the target application users in Verify and matches the fetched users with users in Verify. The adoption policy that is defined on the application specifies the matching attributes for adoption of the reconciled users.
Remediation policy can be configured to remediate user accounts with attribute values that differ between Verify and the target application. Verify supports the following three remediation policies.- NONE - Do not remediate non-compliant accounts automatically.
- ON_SV - Update Verify account attribute values with the target application values.
- ON_TARGET - Update target application account attribute values with Verify values.
Group synchronization fetches all the target application groups in Verify.
- Fine grained entitlement
- Fine grained entitlement is supported for the Red Hat OpenShift application. Synchronization fetches all of the Red Hat OpenShift application groups. Users can be added to or removed from groups.