Introduction
- The JS7 - Identity Services offer integration with LDAP Directory Services for authentication and authorization.
- The LDAP Identity Service is a built-in service available from JOC Cockpit.
Identity Service Type
The following integration levels are available from Identity Service Types that can be used with LDAP:
Identity Service | | Identity Service Configuration Items | | | | JOC Cockpit Configuration |
---|---|---|---|---|---|---|
Service Type | Built-in | User Accounts/Passwords stored with | User Accounts/Passwords managed by | Roles/Permissions stored with | Roles->User Accounts Mapping managed with | Roles Mapping |
LDAP | yes | LDAP Server | LDAP Server | JS7 Database | LDAP Server | Mapping of LDAP Security Groups to JOC Cockpit Roles performed with the LDAP Server |
LDAP-JOC | yes | LDAP Server | LDAP Server | JS7 Database | JOC Cockpit | Mapping of user accounts and roles with JOC Cockpit |
Explanation:
- Service Type: LDAP
  - Management of user accounts and passwords is performed with the LDAP Server.
  - In addition, an automated mapping of membership in LDAP Security Groups to JOC Cockpit roles takes place.
  - JOC Cockpit does not know any user accounts, passwords or role assignments as this information is managed with LDAP only.
- Service Type: LDAP-JOC
  - Management of user accounts and passwords is performed with the LDAP Server.
  - The assignment of roles to user accounts is performed with JOC Cockpit and is stored with the JS7 database.
  - JOC Cockpit knows user accounts and role assignments. JOC Cockpit does not know passwords as this information is managed with LDAP only.
Identity Service Configuration
JOC Cockpit offers the Manage Identity Services view from the user menu of an administrative account for configuration of Identity Services:
Add Identity Service
To add an Identity Service use the button Add Identity Service from the above list of Identity Services:
Explanation:
- The Identity Service Name is a unique identifier that can be freely chosen.
- The Identity Service Type can be selected as available from the above matrix.
- The Ordering specifies the sequence in which a login is performed with available Identity Services.
- The Required attribute specifies if login with the respective Identity Service is required to be successful, for example if a number of Identity Services are triggered on login of a user account.