As an administrator, you are responsible for determining and implementing the best approach for authenticating and managing users.
Identity provider connections
User records are stored in an internal repository database. However, you are recommended to use an enterprise-grade password management solution through identity provider connection, such as an LDAP server for password management. To connect to an identity provider, use the Identity and Access Management (IAM) service. You can open the IAM service from the User management page, by clicking Configure identity provider. For more information about connecting to an LDAP provider with the IAM service, see Configuring LDAP connections.
If you configure an identity provider connection to an LDAP server, ensure that you grant administrator privileges to a user in your LDAP server.
An administrator can manage the permissions that users and groups have on the platform. However, users might need more permissions.
A user can have multiple roles. The roles can be assigned directly to a user or can be assigned to the user through a user group. If a user has multiple roles, the user has all of the permissions from all of the roles that are assigned to them.
- You can see all of the roles (and permissions) that a user has from the user's profile page, which you can access from the User management page, on the Users tab.
- If you update a user's role or their group membership and the user is logged in, the user must log out and log back in for the changes to take effect. If the user does not log out, their session will be refreshed after the session times out.
Before you add users to the platform, consider the following questions:
- Do you want to use an LDAP server to manage users' passwords?
- Do you want to use an LDAP server to manage access to the platform?
- Do you want to use user groups to manage users with similar access requirements?
- Do you want to be able to add all of the users in an LDAP group to a user group?
- Do the default roles meet your business requirements?
View the appropriate topic for more information about managing users: