Managing and mapping roles and properties

Spectrum SSO conveniently maps user accounts to admin-assigned credentials. Users with the SSO_STS role are granted the proper shares when they log in to Spectrum™ Technology Platform. To remove role mapping, enter the LDAP attributes to un-map in the value field in the removeMapping section of the JMX console.

Ensure that your users are defined to Spectrum™ Technology Platform with the appropriate credentials and permissions. If any user has a property setting of spectrum.security.account.createNonExisting=False, the user will not be recognized and will not be authenticated for SSO. User names must be created manually, by the system administrator. A user who does not exist in the external authentication repository will not be able to log in to Spectrum, even if the user is manually created in the Spectrum Management Console. Once the user is created in the external authentication repository, they can log in to Spectrum.

Assign the Admin role

  1. Update the following property in spectrum-config-sso-sts.properties found in location <installationDirectory>/server/app/conf/spring/security: spectrum.security.authentication.IdPserver.admin.role=<GroupName>.Provide the GroupName that requires the Spectrum™ Technology Platform admin role, such as "Domain Users."
  2. Log in as a user under the group name you assigned, then establish roles for other users. Go to Security > Users > Roles, or use the Role Mapping process described in the next section.