The main user interface (UI) for Authorization is described below. Role-based access for specific users and groups is set through the Admin Essentials | User Management page views. Please note that available views, features, and interactions in the UI are limited based on user permissions.
If the user is running IAP on a Local AAA instance and does not have the Pronghorn admin role, the Authorization icon (located in the top toolbar on the left) will bring up the User Management page.
Redirect to Authorization Manager
If the user is running IAP on an LDAP instance, or if the user role is Pronghorn admin, the Authorization icon will redirect you to the legacy Authorization Manager page. The documentation for that page can be viewed by navigating to Admin Guides > Itential Automation Platform > Authorization.
Various terms related to IAP users, groups, and roles are defined in the following table.
|User||An entity that can perform specific actions within multiple IAP applications based on group associations.|
|Group||A collection of roles that can be assigned to a user.|
|Role||A collection of granular level privileges that can be assigned to groups.|
|Permission||Authorization granted to an API and a specific page view.|
|Provenance||Refers to the source (origin) of a group. For external groups, this is set to the IAP AAA
From the Users tab, IAP Admins can change user passwords or switch what groups are assigned. The various features and elements of this page view are summarized in the table below.
|1||Search and Filter||Use the search bar to search for items in the collection based on the filter setting (e.g., username).|
|2||Sort By||Used to sort the items in the collection based on the selected value in the dropdown.|
|3||More Button||Click the stacked dots to edit or delete a user.|
|4||Group Chips||Shows the first group a user is assigned to, with a number modifier showing how many other groups the user has been assigned to.|
|5||Pagination||Used to show the total number of discrete pages and to page through a collection. Also used to set how many items to display if there are too many in a collection.|
When you select the Edit option in the More button, a new dialog opens that allows you to set a new username and password, and assign groups. Click the checkmark (✓) icon to show the new password that was entered in the New Password field. Once all changes are made, click the Save button.
From the Groups tab, IAP Admins can change what role is assigned to a group. The role is used to specify user permissions and access only to the applications and other system information a particular group of users need.
|1||Group||Group names and roles are listed and can be arranged in order by clicking the double-arrows. Click the More button (stacked dots) to edit or delete a group.|
|2||Users||Users in a select group are displayed in a panel on the right side. Only 15 users are shown at a time; if looking for a particular user, search by username using the search bar.|
When you select the Edit option in the More button, a new dialog opens that allows you to select a new role for a group. Use the search bar to find a specific role. Once all changes are made, click Save.