Configure User Management
Use this procedure to configure how you want your CN2 users to be managed. A CN2 user is someone who can log in and use the CN2 Web UI.
You can manage CN2 users from the CN2 Web UI, from the OpenShift Container Platform (OCP), or from a third-party Identity Provider (IDP).
-
If you choose to manage CN2 users from the CN2 Web UI, then your CN2 users are authenticated with the local database that CN2 administers. Users configured from OCP will not be able to log in to the CN2 Web UI until you add them explicitly using the user management functions of the CN2 Web UI. With this option, you're managing OCP and CN2 users separately.
This is the default option.
-
If you choose to manage CN2 users from OCP, then your OCP users and your CN2 users are one and the same. All users are authenticated with the authentication method that you configure for OCP. You add users through OCP, and those same user credentials can be used seamlessly to log in to the CN2 Web UI as regular users. The user management functions in the CN2 Web UI are disabled.
We show you how to configure this option in the steps below.
-
If you choose to manage CN2 users through a third-party IDP, then your users are authenticated with that IDP. The user management functions in the CN2 Web UI are disabled. Users configured through OCP will not be able to log in to the CN2 Web UI until you add them explicitly through that third-party IDP. CN2 supports LDAP and OAuth2 IDPs.
If you want to use this option, see the documentation for the IDP you want to use.
The following procedure shows how you can configure CN2 to use OCP for CN2 user authentication.