Chapter 2. Adding a User Storage Provider (LDAP/Kerberos) to Ansible Automation Platform Central Authentication
Ansible Automation Platform Central Authentication comes with a built-in LDAP/AD provider. You can add your LDAP provider to central authentication so that you can import user attributes from your LDAP database.
Prerequisites
- You are logged in as an SSO admin user.
Procedure
- Log in to Ansible Automation Platform Central Authentication as an SSO admin user.
- From the navigation panel, select .
When using an LDAP User Federation in RH-SSO, a group mapper must be added to the client configuration, ansible-automation-platform, to expose the identity provider (IDP) groups to the SAML authentication. Refer to OIDC Token and SAML Assertion Mappings for more information on SAML assertion mappers.
- From the Add provider list, select your LDAP provider to proceed to the LDAP configuration page.
The following table lists the available options for your LDAP configuration:
| Configuration Option | Description |
| --- | --- |
| Storage mode | Set to On if you want to import users into the central authentication user database. See Storage Mode for more information. |
| Edit mode | Determines the types of modifications that admins can make on user metadata. See Edit Mode for more information. |
| Console Display Name | Name used when this provider is referenced in the admin console. |
| Priority | The priority of this provider when looking up users or adding a user. |
| Sync Registrations | Enable if you want new users created by Ansible Automation Platform Central Authentication in the admin console or the registration page to be added to LDAP. |
| Allow Kerberos authentication | Enable Kerberos/SPNEGO authentication in the realm with user data provisioned from LDAP. See Kerberos for more information. |
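
To review these options outside the admin console, the following added example (not part of the original documentation) reads a realm export and reports which settings from the table make central authentication write to LDAP or enable Kerberos. The component layout and the key names `importEnabled`, `editMode`, `syncRegistrations` and `allowKerberosAuthentication` are assumed from the Keycloak export format that RH-SSO uses, and the sample provider is constructed.

```python
# Constructed sample: fragment of a realm export with one LDAP user storage
# provider. Key names and layout are assumed from Keycloak's component format.
SAMPLE_EXPORT = {
    "components": {
        "org.keycloak.storage.UserStorageProvider": [{
            "name": "corp-ldap",          # constructed name
            "providerId": "ldap",
            "config": {
                "importEnabled": ["true"],
                "editMode": ["WRITABLE"],
                "priority": ["0"],
                "syncRegistrations": ["true"],
                "allowKerberosAuthentication": ["false"],
            },
        }]
    }
}

def _get(config, key):
    """Component config values are single-element lists of strings."""
    values = config.get(key) or [""]
    return values[0]

def review_ldap_providers(export):
    """Return {provider name: [review notes]} for every LDAP provider."""
    providers = export.get("components", {}).get(
        "org.keycloak.storage.UserStorageProvider", [])
    report = {}
    for p in providers:
        if p.get("providerId") != "ldap":
            continue  # skip non-LDAP storage providers
        cfg, notes = p.get("config", {}), []
        edit_mode = _get(cfg, "editMode")
        if _get(cfg, "importEnabled") == "false":
            notes.append("Storage mode off: users are not imported")
        if edit_mode == "WRITABLE":
            notes.append("Edit mode WRITABLE: user edits are written to LDAP")
        if _get(cfg, "syncRegistrations") == "true":
            notes.append("Sync Registrations on: new users are added to LDAP")
            if edit_mode != "WRITABLE":
                notes.append("Sync Registrations on but edit mode is not WRITABLE")
        if _get(cfg, "allowKerberosAuthentication") == "true":
            notes.append("Kerberos/SPNEGO on: review the Kerberos settings")
        report[p.get("name", "<unnamed>")] = notes
    return report

if __name__ == "__main__":
    for name, notes in review_ldap_providers(SAMPLE_EXPORT).items():
        print(name, *notes, sep="\n  ")
```

An empty note list means the provider neither writes to LDAP nor enables Kerberos under the checks above.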