You can configure identity federation if you want admin groups and users to be managed in another
system such as Active Directory, OpenLDAP, or Oracle Directory Server.
About this task
You must configure an identity source for the Grid Manager if you want to import the following types of federated groups:
- Administration groups. The users in admin groups can sign in to the Grid Manager and perform tasks, based on the management permissions assigned to the group.
- Tenant user groups for tenants that do not use their own identity source. Users in tenant groups can sign in to the Tenant Manager and perform tasks, based on the permissions assigned to the group in the Tenant Manager.
Note: Configuration of identity federation has been verified with Active Directory, OpenLDAP, and Oracle Directory Server. If you want to use another LDAP service, contact support.
Note: StorageGRID uses STARTTLS for securing LDAP communications. It does not support the LDAP over SSL (LDAPS) protocol. The default port used for communications with the LDAP server is 389, but you can use any port as long as your firewall is configured correctly.
Note: If you plan to enable single sign-on (SSO), you must use Active Directory as the federated identity source and AD FS as the identity provider. See "Requirements for using single sign-on."