Managing IBM Software Hub Control Center users
As an IBM Software Hub Control Center (Control Center) administrator, you are responsible for determining and implementing the best approach for authenticating and managing Control Center users.
By default, only the default administrator (cpadmin) can access Control Center. If you want to enable other
users to access Control Center,
you must configure an identity provider.
Control Center uses the IBM Cloud Pak foundational services Identity Management Service.
- OIDC-based authentication
- SAML-based authentication
- OIDC-based authentication
-
If you choose OIDC authentication, you must connect an LDAP directory to the cluster where Control Center is installed.
For details, see Configuring LDAP connection in the IBM Cloud Pak foundational services documentation:Ensure that you grant IBM Software Hub Control Center administrative privileges to a user in your LDAP server.
After you grant an LDAP user administrative privileges, you can further secure your Control Center system by disabling the default administrator user account. For details, see Disabling the default IBM Software Hub Administration Console administrator.
You can also optionally configure single sign-on using OIDC. For more information, see Configuring single sign-on using OpenID Connect in the IBM Cloud Pak foundational services documentation: - SAML-based authentication
-
The Identity Management Service can be configured as a SAML service provider, which allows federated authentication with an external SAML 2.0 identity provider. When you configure SAML SSO, the Identity Management Service redirects users to an SSO login page, and OIDC issues you a bearer token.
If you choose SAML authentication, you must configure single sign-on with your enterprise identity source. For details, see Configuring single sign-on using SAML in the IBM Cloud Pak foundational services documentation: