Skip to main content

Managing Users with the Identity Broker

The Identity Broker enables you to manage AtScale users, as well as configure and assign user groups and roles.

If you are running AtScale in a test environment, you can manage users with the Identity Broker alone. In this case, you must manually add users and configure their passwords as described below.

For production environments, AtScale recommends connecting the Identity Broker to your organization's IdP or LDAP server. When managing users via one of these options, users are automatically added to the Identity Broker the first time they log in to AtScale. They are also automatically added to the everyone group, which assigns them the query_user role. If you need additional groups to manage your users, or need to assign them additional roles, you must do so manually within the Identity Broker, as described below.

Add Users

To add AtScale users via the Identity Broker:

  1. Open the main menu and select Security. The Identity Broker opens.

  2. Log in using your AtScale admin username and password.

  3. Select the atscale realm if it is not already selected.

  4. In the left-hand navigation, click Users. The Users page opens.

  5. Click Add User.

  6. Define user details as needed.

  7. (Optional) By default, the new user will be added to the everyone group. If you need to add them to other groups:

    1. In the Groups field, click Join Groups.
    2. Select the groups you want to add the user to, then click Join.

  8. Click Save.

Configure User Passwords

Once you have added users, you should configure passwords for them.

To configure user passwords:

  1. Log in to the Identity Broker and select the atscale realm.
  2. In the left-hand navigation, click Users. The Users page opens.
  3. Select a user, then click the Credentials tab.
  4. Click Set Password and enter a password for the user.
  5. (Optional) Enable the Temporary option to require the user to change their password the next time they log in.
  6. Click Save.

Assign Roles

Before users can do anything in AtScale, they must be assigned roles. A role is a grouping of system permissions, allowing you to grant sets of permissions to users at the same time.

The Identiy Broker contains the following roles by default:

  • admin: Enables users to access the AtScale Control Center, where engine settings, the Identity Broker, and other system configurations are managed.
  • query_user: Enables users to access Design Center and query model data from BI tools.

All users are assigned the query_user role automatically via the everyone group. If you need to assign the admin role to anyone, you must do so manually.

To assign user roles:

  1. Log in to the Identity Broker and select the atscale realm.
  2. In the left-hand navigation, click Users. The Users page opens.
  3. Click on the user you want to assign roles to, then select the Role mapping tab.
  4. Click Assign Role.
  5. Select the roles you want to assign to the user, then click Assign.

Create Groups

Groups allow you to grant runtime permissions to your users in bulk, rather than one user at a time.

By default, all users are added to the everyone group. You should create additional groups and add users to them as needed.

To create user groups:

  1. Log in to the Identity Broker and select the atscale realm.
  2. In the left-hand navigation, click Groups. The Groups page opens.
  3. Click Create group.
  4. Enter a name for the group, then click Create.
  5. Click the group name and define group details as needed.

To assign groups to users:

  1. Log in to the Identity Broker and select the atscale realm.
  2. In the left-hand navigation, click Users. The Users page opens.
  3. Click a user in the list, then click the Groups tab.
  4. Click Join Group
  5. Select the groups you want to add the user to, then click Join.