Users and Roles¶
An account can have multiple users, and each user has a role that defines what they can see and do. When a new account is created, the first user has an admin role which allows that user to create and manage additional users for the account.
The following user roles are available:
|admin||admin users have full access to the account and can also manage other users and their access.|
|platform||platform users can all other resorces including Cloud Providers, Host Groups, Policies, Applications, and Environments, but cannot manage users.|
|devops||devops users can manage Applications and Environments. They do not have access to Cloud Providers, Host Groups, and Policies, and cannot manage users.|
|readonly||readonly users can view all data, but create, edit, or delete anything. This role is ideal for system accounts that collect and report data.|
Single Sign-On (SSO) with SAML¶
For Enterprise accounts, Nirmata supports Single Sign-On (SSO) with SAML 2.0. This feature allows enterprise administrators to manage their users in a secure and easy manner. For example, when an employee is on-boarded to, or leaves, the enterprise the administrators can enable, or disable, their account in a single place for all enterprise services. This feature also makes life easier for enterprise users as they can authenticate once, and access all enabled services without managing separate passwords and accounts.
SAML (Security Assertions Markup Language) is a protocol that defines how systems can exchange security data. The following references are useful in understanding SAML:
The SAML protocol is defined at: Security Assertion Markup Language (SAML) V2.0 Technical Overview - OASIS.
Although SAML is a complex protocol, Nirmata makes it extremely easy to setup and manage. Here are the detailed steps:
- In your Account view (Settings -> Account) select the option “Enable Single Sign-On with SAML”:
2. This option provides a dialog where you can upload the SAML metadata file of your Identity Provider (IdP) e.g. ADFS 3.0. Or, you can manually configure your IdP settings.
SAML IdP Metadata import:
SAML IdP manual configuration:
- Next, export your accounts’ Nirmata SAML Service Provider (SP) metadata and import that into your IdP. To export the SP Metadata go to Settings - SAML 2.0 and click on the View SP Metadata option. You can then copy the metadata or download it to a file.
Thats it! You now have SAML fully configured!
Nirmata allows you to control which accounts use SAML. This provides a lot of flexibility and control, especially for service accounts and other temporary users. You can select the IdP for a user when you add the user, or can edit the settings at anytime.