About the Console

Content Platform Tenant Management Help

File Size
4269 KB
Part Number

Console access

To use the Tenant Management Console, you need either:

  • A user account defined in HCP (either locally authenticated or RADIUS authenticated).
  • If the tenant is configured to support Windows Active Directory (AD) authentication, an AD user account for a user that belongs to one or more AD groups for which corresponding group accounts are defined in HCP. In this book, such an Active Directory user account is referred to as a recognized AD user account.

The HCP user account or group accounts specify what you have permission to do in the Console. The menu options, pages, and panels you see in the Console depend on your permissions.

If an AD user belongs to multiple AD groups for which HCP group accounts exist, that user has all the permissions associated with all those group accounts.

Console sessions

A Tenant Management Console session begins when you take one of these actions:

  • Log into the Console using an HCP user account or recognized AD user account.
  • Access a Console page while logged in to Windows with a recognized AD user account. This is called single sign-on. With single sign-on, you don’t need to explicitly log into the Console.

    For single sign-on to work, your web browser must be configured to support it.

A session ends when you log out. During a session, you can perform any actions for which you have permission.

During a session, if you don’t take any action for a certain amount of time, the Console displays the Idle Timeout page. If you explicitly logged in to the session, the Console automatically logs you out and, when you click any tab on the Idle Timeout page, displays the login page. If you started the session by using single sign-on, when you click any tab, the Console displays the requested page. The exact amount of idle time allowed is configurable.

If you’ve granted HCP system-level users administrative access to the tenant, they can access the Tenant Management Console directly from the HCP System Management Console. Doing so does not start a Tenant Management Console session. Rather, it continues the current System Management Console session, and the configured idle time for that Console applies.

HCP management API

HCP includes a RESTful HTTP interface to a subset of its administrative functions. Using this interface, called the management API, you can modify your tenant and create, modify, and delete namespaces, user and group accounts, and content classes for the tenant. Additionally, you can create, modify, and delete retention classes for the tenant's namespaces.

You use the Tenant Management Console to enable the management API at the tenant level. For the API to be available, however, it must also be enabled at the system level.

To use the management API, you need a user account that includes the applicable permissions for the actions you want to take.

If the tenant is configured to support Active Directory authentication, applications can also use recognized AD user accounts to access HCP through the management API. To do this, however, an application must use the SPNEGO protocol or the AD authentication header to negotiate the AD user authentication itself. For more information about SPNEGO, see http://tools.ietf.org/html/rfc4559. To provide credentials using the Active Directory authorization header, you use this format:

Authorization: ADAD-username:AD-password