Introduction
- JS7 offers integration with HashiCorp® Vault authentication server.
- The Vault Identity Service integration is available from JOC Cockpit:
  - This requires HashiCorp® Vault to be downloaded, installed and operated by the user. Vault is not a built-in identity service and does not ship with JS7.
  - JS7 implements a REST client for use with HashiCorp® Vault 1.7.0 and newer.
Identity Service Types
The following integration levels are available from identity service types that can be used with Vault:
Identity Service | | Identity Service Configuration Items | | | | JOC Cockpit Configuration |
---|---|---|---|---|---|---|
Service Type | Built-in | User Accounts/Passwords stored with | User Accounts/Passwords managed by | Roles/Permissions stored with | Assignment Roles->User Accounts managed with | Roles Mapping |
VAULT | no | Vault Server | Vault Server | JS7 Database | Vault Server | Mapping of Vault Policies to JOC Cockpit Roles |
VAULT-JOC | no | Vault Server | Vault Server | JS7 Database | JOC Cockpit | Mapping of user accounts and roles with JOC Cockpit |
VAULT-JOC-ACTIVE | no | Vault Server | Vault Server / JOC Cockpit | JS7 Database | JOC Cockpit | Mapping of user accounts and roles with JOC Cockpit |
Explanation:
- Service Type: VAULT
  - Management of user accounts and passwords is performed with the Vault Server.
  - In addition, policies assigned to a user account in Vault are automatically mapped to JOC Cockpit roles.
  - JOC Cockpit does not know any user accounts, passwords or role assignments as this information is managed with Vault only.
- Service Type: VAULT-JOC
  - Management of user accounts and passwords is performed with the Vault Server.
  - The assignment of roles to user accounts is performed with JOC Cockpit and is stored with the JS7 database.
  - JOC Cockpit knows user accounts and role assignments. JOC Cockpit does not know passwords as this information is managed with Vault only.
- Service Type: VAULT-JOC-ACTIVE
  - Management of user accounts and passwords is performed with JOC Cockpit. JOC Cockpit forwards user accounts and passwords to the Vault Server. JOC Cockpit stores user accounts (not passwords) in the JS7 database.
  - The assignment of roles to user accounts is performed with JOC Cockpit and is stored with the JS7 database.
  - JOC Cockpit knows user accounts and role assignments. JOC Cockpit temporarily knows passwords until this information is forwarded to Vault.
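The following added example (not JS7 code) models where role information comes from for each service type after Vault has authenticated an account. It assumes the response shape of a Vault userpass login (`auth.client_token`, `auth.policies`, `auth.metadata.username`); the function name, policy names, role names and the in-memory stand-in for the JS7 database are hypothetical.

```python
import json

# Constructed sample: a Vault login response reduced to the fields used here.
SAMPLE_LOGIN = json.loads("""
{"auth": {"client_token": "placeholder-token",
          "policies": ["default", "js7-operators"],
          "metadata": {"username": "alice"}}}
""")

# Hypothetical configuration values, not taken from JS7.
POLICY_TO_ROLES = {"js7-operators": {"operator"}, "js7-admins": {"administrator"}}
JOC_ASSIGNMENTS = {"alice": {"incident_manager"}}  # stands in for the JS7 database

SERVICE_TYPES = {"VAULT", "VAULT-JOC", "VAULT-JOC-ACTIVE"}


def resolve_roles(service_type, login_response, policy_map, joc_assignments):
    """Return the JOC Cockpit roles for an account that Vault has authenticated."""
    if service_type not in SERVICE_TYPES:
        raise ValueError(f"unknown service type: {service_type}")
    auth = (login_response or {}).get("auth") or {}
    if not auth.get("client_token"):
        # No token in the response: Vault did not authenticate the account.
        return set()
    if service_type == "VAULT":
        # Roles are derived only from the policies Vault reports.
        # A policy without a mapping (such as "default" here) grants nothing.
        roles = set()
        for policy in auth.get("policies") or []:
            roles |= policy_map.get(policy, set())
        return roles
    # VAULT-JOC and VAULT-JOC-ACTIVE: Vault verifies the password only.
    # Role assignments are read from JOC Cockpit; this sketch ignores
    # the Vault policies in that case.
    account = (auth.get("metadata") or {}).get("username")
    return set(joc_assignments.get(account, set()))


if __name__ == "__main__":
    for service_type in sorted(SERVICE_TYPES):
        roles = resolve_roles(service_type, SAMPLE_LOGIN,
                              POLICY_TO_ROLES, JOC_ASSIGNMENTS)
        print(service_type, sorted(roles))
```

An account that authenticates successfully but has no mapped policy (VAULT) or no assignment in JOC Cockpit (VAULT-JOC, VAULT-JOC-ACTIVE) ends up with an empty role set in this model.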
Identity Service Configuration
JOC Cockpit offers the Manage Identity Services view for configuration.