...

External realm users will have their passwords managed in the external realm, not in FlexDeploy.

...

New User Process

Info

A user account must exist in FlexDeploy even for external realm users. This is necessary so that users can control notification settings and administrators can provide additional security, if necessary. Administrators can create external realm users from the Users page, or external realm users can log in and create their own account.

When users defined in an external realm log in successfully for the first time, they will be redirected to a new user page. There, the user is asked to verify various information like first name, last name, and email for their account. The password for such users is always managed by the external server. Once the user provides the necessary details, their account will be created, an automatic logout will occur, and the user will have to log in one more time. At this point, the user will be granted access based on the realm group mapping configured by an administrator, which is explained later in this document. If the new user isn’t mapped to any FlexDeploy groups at this point, they will be assigned the new user role configured on the System Settings page, if one exists.

...

FlexDeploy provides features to map external directory server groups to FlexDeploy groups, which makes it very easy to manage FlexDeploy users in your environment. Fine-grained access to FlexDeploy features is still controlled by FlexDeploy groups, and by mapping external directory groups to FlexDeploy groups, you essentially control access to FlexDeploy features. You can configure FlexDeploy group permissions using the Permissions page and from the Security section of individual objects supporting object-level permissions (folders/projects, target groups, releases, etc.).

In order to set up group mapping, first make sure to enable group mapping from the realm’s group mapping tab and provide the group search base and filter. If you haven’t already loaded external groups for this realm or they need to be refreshed, click the Fetch External Groups button or the Refresh External Groups button.

...

Realm configuration changes, including the mapping configuration, require a recycle of the FlexDeploy server process, but changes to the groups being mapped do not require a recycle.

...

Examples

Apache Directory Server Realm

...

Active Directory Realm

...

For Active Directory, FlexDeploy will use the User logon name (pre-Windows 2000) as the username instead of the normal one. See this picture for an example.

...

Using ldaps

A FlexDeploy realm can be configured to use the ldaps protocol, which requires adding a server certificate to Java cacerts or the application server trust store.
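
One way to carry out the certificate step above, as an added example that is not part of the FlexDeploy documentation: the script checks the certificate file against a SHA-256 fingerprint obtained out of band from the directory administrator, and only then imports it with `keytool`. The alias, the file names, the JDK 9+ `cacerts` path and the JDK default store password `changeit` are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not FlexDeploy code): check an LDAPS server certificate against
# a SHA-256 fingerprint obtained out of band, then import it into a trust store.
# Assumptions: alias, file names, JDK 9+ cacerts path, default password "changeit".

# Reduce "sha256 Fingerprint=ab:cd:..." or "AB CD ..." to bare uppercase hex.
normalize_fp() {
  printf '%s' "${1##*=}" | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if the first value is 64 hex digits (SHA-256) and equals the second.
fp_matches() {
  local a b
  a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
  [ "${#a}" -eq 64 ] || return 1
  case $a in *[!0-9A-F]*) return 1 ;; esac
  [ "$a" = "$b" ]
}

# import_ldaps_cert CERT_PEM EXPECTED_SHA256 [ALIAS] [KEYSTORE]
# KEYSTORE may also be the application server trust store.
import_ldaps_cert() {
  local cert=$1 expected=$2 alias=${3:-ldaps-directory}
  local store=${4:-$JAVA_HOME/lib/security/cacerts} actual
  actual=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 2
  if ! fp_matches "$expected" "$actual"; then
    echo "fingerprint mismatch, not importing: $actual" >&2
    return 1
  fi
  # Show subject and expiry so the operator can confirm host and validity.
  openssl x509 -in "$cert" -noout -subject -enddate
  keytool -importcert -noprompt -alias "$alias" -file "$cert" \
          -keystore "$store" -storepass "${STOREPASS:-changeit}" || return 3
  # Confirm the entry is now present in the store.
  keytool -list -alias "$alias" -keystore "$store" \
          -storepass "${STOREPASS:-changeit}"
}

# Run only when called with arguments, for example:
#   ./import_ldaps_cert.sh ldap-server.pem "<fingerprint from the directory admin>"
if [ "$#" -ge 2 ]; then import_ldaps_cert "$@"; fi
```

Comparing against a fingerprint received through a separate channel avoids trusting whatever certificate happened to be presented on the network when the file was fetched.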

...

...

Login Flow with an External Realm

[Diagram: RealmLoginFlow.drawio]
