Configuring the Dynamic Workload Console for Single Sign-On

Configure the Dynamic Workload Console for Single Sign-On.

About this task

Single Sign-On (SSO) is a method of access control that allows a user to authenticate once and gain access to the resources of multiple applications sharing the same user registry.

This means that using SSO you can run queries on the plan or manage item definitions on the database accessing the engine without authenticating, automatically using the same credentials you used to log in to the Dynamic Workload Console.

The same is true when working with the Self-Service Catalog app from a mobile device. If the Dynamic Workload Console has been configured to use SSO, then these apps automatically use the same credentials used to log in to the Dynamic Workload Console.

After the installation completes, you can configure the Dynamic Workload Console and the HCL Universal Orchestrator engine to use SSO. To do this, they must share the same authentication provider user registry. See Configuring a user registry for more details.

The default user of the Dynamic Workload Console is already configured for SSO. You can configure SSO for other users using an MP-JWT token.

Note: When implementing a configuration in SSO, ensure you have not specified the engine credentials in the Manage Engine section.

Configuring the Dynamic Workload Console for Single Sign-On with MP-JWT

About this task

Perform the following steps:


  1. Configure an authentication provider for the Dynamic Workload Console as explained in Configuring a user registry.
  2. Create the Access Control list for the authentication provider user or group. For example, to give full access on folders to an LDAP group perform the following steps:
    1. From the Dynamic Workload Console open the Manage Workload Security panel and select Give access to users and groups.
    2. Select the LDAP group from the drop-down list and FULL_CONTROL in the field Role.
    3. Select Folder and assign the root by clicking /.
    4. Save