IDMS Details

Identity Management Systems (IDMS) make it easy to manage users' access to Kion efficiently and securely. We provide an internal IDMS that you can use, or you can integrate with your existing SAML 2 system (such as Active Directory or Okta).

To view your identity management systems:

  1. Navigate to Users > Identity Management Systems.
  2. Click the IDMS system you would like to view.

Depending on the type of IDMS, different tabs will be available.

Overview Tab

This is an overview of the IDMS. For all IDMS, you can see creation/update dates and a user count. For different types of IDMS, you may also see password expiration details and service provider information.

Access Rules Tab

This tab only shows for SAML 2 IDMS.

Access rules use SAML assertions to set the level of console access available to users. If no access rules are specified, then all users have Full Access. If any access rules are specified, then all users have No Access except those who are specifically granted access.

  • Full Access. Users may use cloud access roles to access the cloud consoles. This access only applies to cloud access roles, not other functions within Kion.
  • Restrict Console Access. Users can log in and use the Kion application, but they cannot access any cloud consoles.

    This is useful if you have a SAML provider that allows users to log in with a SmartCard instead of a password. Typically, users with a SmartCard would be granted Full Access, while users with just a password would be granted Restrict Console Access.

  • No Access. Users are not allowed to log into Kion.

Access rules are evaluated when the user logs in. If changes are made to an access rule or a user's IDMS attributes, these changes will not take effect until the next time the user logs in. This also applies to API keys associated with the user.

You can add an access rule using the Add button on this tab. For more information on the fields required to add access rules, see Add a SAML 2 IDMS.

User Group Associations Tab

This tab only shows for SAML 2 IDMS.

User group associations automatically add/remove users from user groups in Kion based on SAML assertions. This is useful for dynamically determining user permissions and is considered a best practice.

You can add user group associations using the Add button on this tab. For more information, see User Group Associations.

Validation Rules Tab

This tab only shows for SAML 2 IDMS.

Validation rules use SAML assertions to decide if a user is allowed to log into Kion. If any of the expressions return false, the user cannot log into Kion.

You can add a validation rule using the Add button on this tab. For more information on the fields required to add validation rules, see Add a SAML 2 IDMS.
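The following is an added illustration, not Kion's own code, of how the Access Rules and Validation Rules described above combine at login: validation rules must all pass or login is refused outright, and the mere presence of an access rule flips the default from Full Access to No Access. The rule shape (an attribute/value match), the attribute names and the sample users are assumptions constructed for the example; the page does not say which rule wins when several match, so this model takes the first match in list order.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional

Assertions = Dict[str, List[str]]  # SAML attribute name -> attribute values

class Access(Enum):
    FULL = "Full Access"
    RESTRICT_CONSOLE = "Restrict Console Access"
    NONE = "No Access"

@dataclass
class AccessRule:
    # Hypothetical rule shape (assumed, not Kion's real field names):
    # grant `level` when SAML attribute `attribute` carries `value`.
    attribute: str
    value: str
    level: Access

def console_access(assertions: Assertions, rules: List[AccessRule]) -> Access:
    """Model of the Access Rules tab semantics."""
    if not rules:
        return Access.FULL  # no rules configured: everyone gets Full Access
    # Once any rule exists the default flips to No Access; only users that a
    # rule specifically grants get that rule's level. Precedence between several
    # matching rules is not defined on the page; first match wins here (assumed).
    for rule in rules:
        if rule.value in assertions.get(rule.attribute, []):
            return rule.level
    return Access.NONE

def evaluate_login(assertions: Assertions,
                   validation_rules: List[Callable[[Assertions], bool]],
                   access_rules: List[AccessRule]) -> Optional[Access]:
    """Return the user's console access level, or None if login is refused."""
    # Validation rules: every expression must be true, otherwise no login at all.
    if not all(check(assertions) for check in validation_rules):
        return None
    return console_access(assertions, access_rules)

# Constructed sample data mirroring the SmartCard-vs-password case above.
SMARTCARD_RULES = [
    AccessRule("authnMethod", "smartcard", Access.FULL),
    AccessRule("authnMethod", "password", Access.RESTRICT_CONSOLE),
]
MUST_BE_KION_USER = [lambda a: "kion-users" in a.get("memberOf", [])]
SMARTCARD_USER = {"authnMethod": ["smartcard"], "memberOf": ["kion-users"]}
PASSWORD_USER = {"authnMethod": ["password"], "memberOf": ["kion-users"]}
OUTSIDER = {"authnMethod": ["password"], "memberOf": ["contractors"]}
```

Because rules are only evaluated at login, a changed rule has no effect on an already signed-in user (or their API keys) until they log in again, which is worth remembering when tightening access.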