Identity provider configuration settings

Content Platform for Cloud Scale Administration Guide

Version: 2.6.x
File Size: 1945 KB
Part Number: MK-HCPCS008-10

The following sections describe the configuration settings for each type of identity provider that the system supports.

All types

Security Realm Name - The name by which to identify this identity provider in the system. The name appears as an option in the Security Realm list on Admin App login pages.

Tip: To ensure that users can easily log into the system, pick security realm names that users will recognize and understand.

Active Directory

  • Identity Provider Hostname - Host name or IP address for the identity provider.
  • Transport Security - The protocol to use for securing communications between the system and the identity provider. Options are:
    • None
    • TLS Security (Transport Layer Security)
      • Use Suffix For Hostname Verification - When enabled, if the client host name doesn’t match the certificate host name, host name verification will instead verify whether the ending of the client host name matches the provided suffix.
        Warning: This option can impact security and should only be enabled if the client host name is expected to differ from the certificate host name.
      • Hostname Suffix - The suffix used for host name verification if the default host name verification fails.
    • SSL (Secure Sockets Layer)
    Note: When selecting TLS Security, the setting Use Suffix For Hostname Verification appears.
  • Identity Provider Host Port - Network port used to communicate with the identity provider. The default value depends on the Transport Security setting:
    • For None or TLS Security (Transport Layer Security), 389
    • For SSL (Secure Sockets Layer), 636
  • User Name - A user account on the identity provider. The system uses this user account to read information from the identity provider.
  • Password - The user account password.
  • Domain - The AD domain in which the user account is defined.
    Note: Use the short name for the AD domain. For example, use MYACTIVEDIRECTORY instead of MYACTIVEDIRECTORY.local.
  • Search Base DN - The distinguished name (DN) of the identity provider location where you want the system to begin its searches for users and groups.

    For example, if you specify a value of OU=Users,DC=corp,DC=example,DC=com, the system searches for users and groups in the organizational unit called Users in the corp.example.com domain.

  • Default Domain Name - The default domain for users logging into the Admin App and Search App. For example, if you specify a default domain name of east.example.com, the user jdoe@east.example.com needs to specify only jdoe when logging into either app.
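The Use Suffix For Hostname Verification option above (the same option exists for the LDAP Compatible and OpenLDAP and 389 Directory Server providers) replaces a failed host name match with a check on the ending of the client host name only. The following added example, which is not the product's own code, models that fallback as the page describes it so an administrator can see which combinations it accepts; the exact matching rules of the product are not published here and are an assumption.

```python
from typing import Optional

# Added illustration of the verification order described in this guide;
# not the product's implementation (assumption: case-insensitive matching,
# single-label wildcard, suffix compared on a label boundary).

def default_hostname_match(client_host: str, cert_host: str) -> bool:
    """Normal check: the host name the system connected to must equal the
    certificate host name, or match a certificate wildcard's single label."""
    client = client_host.lower().rstrip(".")
    cert = cert_host.lower().rstrip(".")
    if cert.startswith("*."):
        rest = cert[2:]
        head, sep, tail = client.partition(".")
        # "*" covers exactly one leftmost label, never "a.b.<rest>"
        return head != "" and sep == "." and tail == rest
    return client == cert


def suffix_hostname_match(client_host: str, cert_host: str,
                          use_suffix: bool, suffix: Optional[str]) -> bool:
    """Default verification first; only when it fails and the option is
    enabled is the connection accepted because the client host name ends
    with the configured Hostname Suffix. Note that in the fallback the
    certificate host name is no longer compared at all, which is why the
    guide warns that the option can impact security."""
    if default_hostname_match(client_host, cert_host):
        return True
    if not use_suffix or not suffix:
        return False
    client = client_host.lower().rstrip(".")
    sfx = suffix.lower().lstrip(".")
    # Require a label boundary so "corpexample.com" does not satisfy the
    # suffix "example.com".
    return client == sfx or client.endswith("." + sfx)


if __name__ == "__main__":
    # Constructed sample: certificate issued to a different host than the
    # one the system connects to.
    print(suffix_hostname_match("ldap1.corp.example.com",
                                "ldap2.corp.example.com",
                                True, "corp.example.com"))
```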

LDAP Compatible

  • Identity Provider Hostname - Host name or IP address for the identity provider.
  • Transport Security - The protocol to use for securing communications between the system and the identity provider. Options are:
    • None
    • TLS Security (Transport Layer Security)
      • Use Suffix For Hostname Verification - When enabled, if the client host name doesn’t match the certificate host name, host name verification verifies whether the ending of the client host name matches the provided suffix.
        CAUTION: This option can impact security and should only be enabled if the client host name is expected to differ from the certificate host name.
      • Hostname Suffix - The suffix used for host name verification if the default host name verification fails.
    • SSL (Secure Sockets Layer)
  • Identity Provider Host Port - Network port used to communicate with the identity provider. The default value depends on the Transport Security setting:
    • For None or TLS Security (Transport Layer Security), 389
    • For SSL (Secure Sockets Layer), 636
  • User Name - A user account on the identity provider. Your system uses this account to read information from the identity provider.
  • Password - The user account password.
  • User DN Template - A template on the LDAP server. When a user logs into the system, the provided username is inserted into this template to determine the user's LDAP distinguished name (DN).
  • Unique ID - The unique identifier of this user on this identity provider (for example, an entryUUID).
  • Member Name Attribute - The name of the attribute that each group on the identity provider uses to list its members.
  • Search Base DN - The distinguished name (DN) of the identity provider location where you want the system to begin searching for users and groups.

    For example, if you specify a value of OU=Users,DC=corp,DC=example,DC=com, the system searches for users and groups in the organizational unit called Users in the corp.example.com domain.

  • Group Object Class - The objectClass value for groups on the LDAP server.

OpenLDAP and 389 Directory Server

  • Identity Provider Hostname - Host name or IP address for the identity provider.
  • Transport Security - The protocol to use for securing communications between the system and the identity provider. Options are:
    • None
    • TLS Security (Transport Layer Security)
      • Use Suffix For Hostname Verification - When enabled, if the client host name doesn’t match the certificate host name, host name verification verifies whether the ending of the client host name matches the provided suffix.
        Warning: This option can impact security and should only be enabled if the client host name is expected to differ from the certificate host name.
      • Hostname Suffix - The suffix used for host name verification if the default host name verification fails.
    • SSL (Secure Sockets Layer)
  • Identity Provider Host Port - Network port used to communicate with the identity provider. The default value depends on the Transport Security setting:
    • For None or TLS Security (Transport Layer Security), 389
    • For SSL (Secure Sockets Layer), 636
  • User Name - The distinguished name of the user or role, used by HCP for cloud scale to query the identity provider.
  • Password - The user account password.
  • User DN Template - A template on the LDAP server. When a user logs into the system, the provided username is inserted into this template to determine the user's LDAP distinguished name (DN).
  • Unique ID - The unique identifier of this user on this identity provider (for example, an entryUUID).
  • Member Name Attribute - The name of the attribute that each group on the identity provider uses to list its members.
  • Search Base DN - The distinguished name (DN) of the identity provider location where you want the system to begin searching for users and groups.

    For example, if you specify a value of OU=Users,DC=corp,DC=example,DC=com, the system searches for users and groups in the organizational unit called Users in the corp.example.com domain.
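The User DN Template and Search Base DN settings of the LDAP Compatible and the OpenLDAP and 389 Directory Server providers work together: the template turns a login name into a DN, and the base DN is where user and group searches start. The following added example, which is not the product's own code, expands a template with the login name escaped per RFC 4514 and checks that the resulting DN lies under the configured Search Base DN; the {username} placeholder is an assumption, since the page does not state the template syntax.

```python
from typing import List

# Added illustration, not the product's implementation. Assumption: the
# template marks the login name position with "{username}".

# Characters that RFC 4514 requires to be escaped inside an attribute value.
_DN_SPECIALS = set('\\,+"<>;=')


def escape_dn_value(value: str) -> str:
    """Escape a raw login name so it stays one attribute value in the DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")              # leading '#' only
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")              # leading or trailing space only
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def expand_user_dn(template: str, username: str) -> str:
    """Apply the User DN Template to a login name."""
    return template.replace("{username}", escape_dn_value(username))


def split_dn(dn: str) -> List[str]:
    """Split a DN into RDNs on unescaped commas, lower-cased for comparison."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2]); i += 2; continue   # keep escape pairs
        if dn[i] == ",":
            rdns.append("".join(cur).strip().lower()); cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip().lower())
    return rdns


def dn_under_base(dn: str, base_dn: str) -> bool:
    """True when dn is at or below base_dn (the Search Base DN) in the tree."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b
```

A template whose expanded DN fails dn_under_base for the configured Search Base DN is worth reviewing, because searches that begin at the base DN will not reach that entry.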