Managing Users with the Identity Broker
The Identity Broker enables you to manage AtScale users, as well as configure and assign user groups and roles.
If you are running AtScale in a test environment, you can manage users with the Identity Broker alone. In this case, you must manually add users and configure their passwords as described below.
For production environments, AtScale recommends connecting the Identity
Broker to your organization's IdP or LDAP server. When managing users
via one of these options, users are automatically added to the Identity
Broker the first time they log in to AtScale. They are also
automatically added to the everyone
group, which assigns them the
query_user
role. If you need additional groups to manage your users,
or need to assign them additional roles, you must do so manually within
the Identity Broker, as described below.
Add Users
To add AtScale users via the Identity Broker:
-
Open the main menu and select Security. The Identity Broker opens.
-
Log in using your AtScale admin username and password.
-
Select the atscale realm if it is not already selected.
-
In the left-hand navigation, click Users. The Users page opens.
-
Click Add User.
-
Define user details as needed.
-
(Optional) By default, the new user will be added to the
everyone
group. If you need to add them to other groups:- In the Groups field, click Join Groups.
- Select the groups you want to add the user to, then click Join.
-
Click Save.
Configure User Passwords
Once you have added users, you should configure passwords for them.
To configure user passwords:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Users. The Users page opens.
- Select a user, then click the Credentials tab.
- Click Set Password and enter a password for the user.
- (Optional) Enable the Temporary option to require the user to change their password the next time they log in.
- Click Save.
Assign Roles
Before users can do anything in AtScale, they must be assigned roles. A role is a grouping of system permissions, allowing you to grant sets of permissions to users at the same time.
The Identiy Broker contains the following roles by default:
admin
: Enables users to access the AtScale Control Center, where engine settings, the Identity Broker, and other system configurations are managed.query_user
: Enables users to access Design Center and query model data from BI tools.
All users are assigned the query_user
role automatically via the
everyone
group. If you need to assign the admin
role to anyone, you
must do so manually.
To assign user roles:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Users. The Users page opens.
- Click on the user you want to assign roles to, then select the Role mapping tab.
- Click Assign Role.
- Select the roles you want to assign to the user, then click Assign.
Create Groups
Groups allow you to grant runtime permissions to your users in bulk, rather than one user at a time.
By default, all users are added to the everyone
group. You should
create additional groups and add users to them as needed.
To create user groups:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Groups. The Groups page opens.
- Click Create group.
- Enter a name for the group, then click Create.
- Click the group name and define group details as needed.
To assign groups to users:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Users. The Users page opens.
- Click a user in the list, then click the Groups tab.
- Click Join Group
- Select the groups you want to add the user to, then click Join.