Adding MS Active Directory for role-based access control

Detailed information can be found in the ContainerX install and administration guide.

Prerequisites

The CX Management platform supports role-based access control (RBAC) and can integrate with existing LDAP providers to authenticate users and to authorize access to resources based on defined roles. Only Windows Active Directory is currently supported (tested with Windows Server 2012R2 AD DS). Currently, LDAP access is configured for administrator access; DevOps LDAP access can be assigned for authentication, but cannot be assigned Container Pool access.

 

The following prerequisites are required for AD configuration:

  1. A service account that provides search capability against the server. This account can have read-only access, since the CX management platform doesn’t perform any writes against the AD server.
  2. For secure connections, the AD server should be configured with a certificate (see https://support.microsoft.com/en-us/kb/321051 for an example of how to accomplish that). Additionally, the Windows AD configuration should support the STARTTLS option, which allows switching to TLS after a connection has been established. CX does not support the LDAPS protocol.

LDAP Configuration

  1. Logged in as user “Admin”, click the “Administrator” drop-down and select “User Management”.
  2. Select the “LDAP” tab to configure account access.
  3. LDAP authentication is performed using a service account that can access the LDAP database and query for user accounts. Click the gears icon and complete the pop-out for the LDAP service account.
  4. Select the “NEW MAPPINGS” button to assign an LDAP group to a CX role. Complete the pop-out with an LDAP group DN for access.

 
