To view all the identity management systems:
- In the left navigation menu, click Users > Identity Management Systems.
- The Identity Management Systems list page will be displayed. These can be filtered alphabetically using the dropdown on the top right. Use the arrow buttons to move through the pages of results.
You can click on the IDMS's name to visit its details page. Clicking the ellipsis menu on the right of an IDMS gives you the following options:
- View - view the IDMS's details.
- Edit - edit the IDMS.
- Delete - delete the IDMS.
IDMS Details: Overview Tab
Click the name of the IDMS to view its details page.
Depending on the type of IDMS, this page may have a tab menu. A More tab will display when there are more tabs than the screen can accommodate; you can click More to review the remaining menu options.
The Overview tab shows by default. The information provided depends on the IDMS type, but the following fields are possible:
- IDMS Type - the type of IDMS (Internal, AD, SAML, or CASPort)
- Date Created - the date the IDMS was added to Kion.
- Date Updated - the date the IDMS was last updated in Kion.
- Service Provider Icon (SAML IDMS only) - the icon that displays on the login screen for this IDMS. This can be set when creating or editing a SAML IDMS.
- Password Expiration Period (Internal IDMS only) - the number of days before each user's password will automatically expire.
- Total Users - the number of users in this IDMS.
IDMS Details: Access Rules Tab
The Access Rules tab shows any access rules you set when creating a SAML IDMS. Access rules allow you to set the level of cloud console access available to users via SAML assertions.
If no access rules are specified, then all users have full access. If any access rules are specified, the default for all users becomes no access, and a user receives a higher level only through a matching rule. The three access levels are defined below.
- Full Access - this is the default level of access. It means users may use cloud access roles to log in to and access the cloud consoles. It does not automatically grant access to the cloud; rather, it means cloud access roles may be used to grant them permissions.
- Restrict Console Access - this level of access allows users to log in and use the Kion application, but they cannot log in to any cloud consoles. This is useful if you have a SAML provider that allows users to log in with a SmartCard instead of a password. Typically, users with a SmartCard would be granted Full Access, while users with just a password would be granted Restrict Console Access.
- No Access - this level of access means a user is not allowed to log in to Kion. This is the equivalent of a Validation Rule. If any Access Rules are set, then this becomes the default level of access.
You can add an access rule using the Add button on this tab. For more information on the fields required to add access rules, please see step 21 in the Add a SAML 2 IDMS article.
IDMS Details: User Group Associations Tab
The User Group Associations tab shows any user groups you specified for association when creating a SAML IDMS. User group associations allow you to automatically add users to, or remove them from, groups in Kion based on SAML assertions.
You can add user group associations using the Add button on this tab. For more information on the fields required to add user group associations, please see step 21 in the Add a SAML 2 IDMS article.
IDMS Details: Validation Rules Tab
The Validation Rules tab shows any validation rules you specified when creating a SAML IDMS. Validation rules allow you to block users from logging in to the Kion application based on SAML assertions. If any of the expressions returns false, the user cannot log in to Kion.
You can add validation rules using the Add button on this tab. For more information on the fields required to add validation rules, please see step 21 in the Add a SAML 2 IDMS article.
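The following is an added model of the Access Rules and Validation Rules semantics described above (fail-open with no rules, fail-closed once any rule exists, any false validation expression blocks login). It is not Kion's code: the rule shape (attribute name, value, level), in-order first-match evaluation, and the sample assertions are assumptions, since the real rule fields are documented in the Add a SAML 2 IDMS article.

```python
# Constructed model of the Access Rules and Validation Rules semantics above.
# Not Kion's own code: the rule shape (attribute, value, level), in-order
# first-match evaluation, and the sample assertions are assumptions.
from dataclasses import dataclass

FULL_ACCESS = "Full Access"
RESTRICT_CONSOLE_ACCESS = "Restrict Console Access"
NO_ACCESS = "No Access"


@dataclass(frozen=True)
class AccessRule:
    attribute: str  # name of a SAML assertion attribute (assumed rule shape)
    value: str      # value that must be present for the rule to match
    level: str      # access level granted on a match


def evaluate_access(assertion: dict, rules: list) -> str:
    """Return the console access level for a SAML assertion."""
    if not rules:
        return FULL_ACCESS          # documented default when no rules exist
    for rule in rules:              # assumption: first matching rule wins
        if rule.value in assertion.get(rule.attribute, []):
            return rule.level
    return NO_ACCESS                # any rules present: default is No Access


def passes_validation(assertion: dict, checks: list) -> bool:
    """Every validation expression must be true; one False blocks the login."""
    return all(check(assertion) for check in checks)


def login_decision(assertion: dict, rules: list, checks: list) -> str:
    """Validation rules are applied first; a failed check means no login."""
    if not passes_validation(assertion, checks):
        return NO_ACCESS
    return evaluate_access(assertion, rules)


# Constructed sample configuration mirroring the SmartCard example above.
SMARTCARD_RULES = [
    AccessRule("AuthnMethod", "smartcard", FULL_ACCESS),
    AccessRule("AuthnMethod", "password", RESTRICT_CONSOLE_ACCESS),
]
REQUIRE_KION_GROUP = [lambda a: "kion-users" in a.get("groups", [])]

# Constructed sample assertions (attribute name -> list of values).
SMARTCARD_USER = {"AuthnMethod": ["smartcard"], "groups": ["kion-users"]}
PASSWORD_USER = {"AuthnMethod": ["password"], "groups": ["kion-users"]}
```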