Cloudentity’s Admin Management Tools provide a core set of UI and API tools for granting access to the people and tools that require it, for administering the Cloudentity platform, and for allowing developers to register applications.

Guide to the Admin UI

Cloudentity Admin UI is a front-end service for administration. The Admin UI is divided into sections, each responsible for administering a different part of the data in the system:

Terms

  • Dashboard: A generic overview of the system for an "at a glance" view.

  • User Management: The Users section allows an admin to search for users using a range of filters, view and edit the details of a specific user (including User Entitlements), force a password reset, revoke tokens, and manage the status of the user (such as locking, deactivating or deleting an account).

  • Organizations: Cloudentity allows for organizations within the primary account; this can be used to provide a demo solution with different registration rules, base entitlements, and management for separate users, services and things. The Organizations tab allows the admin to create and manage the details of those organizations and to context-switch to act as an admin for a given organization.

  • Identity Providers: User identity may be sourced from different Identity Providers (IdPs). Admins can add pre-defined IdPs such as Google, Salesforce and Azure AD, federate the Cloudentity stack as a SAML Service Provider, or connect using OIDC. These tools also allow the admin to update metadata and OIDC tokens, and to map external identifiers to local fields and Entitlements.

  • Service Providers: The UI provides easy tools to connect SAML Service Providers (SPs) to the Identity stack. This includes linking or importing SAML metadata, managing active status, and mapping user fields (username, email, etc.) to custom fields per SP.

  • Entitlements: SAML entitlements include not only a name and description, but also a custom Auth Level that informs real-time security decisions at the time of enforcement. The Entitlements panel allows the admin to manage these attributes with basic CRUD operations.

  • Entitlement Groups: Entitlement Groups allow the admin to create and manage reusable collections of Entitlements based on business requirements. These groups can then be applied to users for easier management of complex workflows and Entitlement needs.

  • Access Policies: The admin is able to configure complex security enforcement policies using various types of validators; these include conditional workflows based on nearly any available data point (HTTP data, JWT, OAuth scopes, device attributes, session data, etc.).

  • Applications: OAuth- and OIDC-compliant applications (resource servers, client apps) can be created and modified, including the attachment of security policies, the definition of API endpoints, and general configuration and permissions management. Detailed client configuration is available in the Self-Service UI via the Developer section.

  • Microservices: As MicroPerimeter™ services are registered, the admin is able to manage security policies for services down to the individual endpoint (GET/PUT/POST/DELETE on paths).
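The Entitlements, Entitlement Groups and Access Policies sections above describe three pieces that fit together at enforcement time: entitlements carry an Auth Level, groups bundle entitlements for assignment to users, and a policy is a set of validators over request data (scopes, session, device attributes). The following is an added illustration of that model, not Cloudentity's own policy format or API; the catalog, group names, validator helpers and the `decide` function are all constructed for the example.

```python
"""Illustrative model of entitlements with Auth Levels, entitlement groups,
and access policies composed of validators. Added example; every name here
(CATALOG, GROUPS, Validator, Policy, decide) is an assumption, not Cloudentity's API."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Entitlement:
    name: str
    description: str
    auth_level: int  # minimum session auth level needed to exercise it


# Constructed catalog of entitlements and reusable groups (not real data).
CATALOG: Dict[str, Entitlement] = {
    "read:orders": Entitlement("read:orders", "View orders", 1),
    "approve:payment": Entitlement("approve:payment", "Approve payments", 2),
}
GROUPS: Dict[str, Set[str]] = {
    "finance": {"read:orders", "approve:payment"},
    "support": {"read:orders"},
}


def effective_entitlements(groups: List[str], direct: List[str] = ()) -> Set[str]:
    """Union of entitlements from assigned groups plus directly granted ones."""
    names = set(direct)
    for group in groups:
        names |= GROUPS.get(group, set())
    return names


@dataclass(frozen=True)
class Context:
    """The data points a policy may inspect for one request."""
    scopes: Set[str]
    session_auth_level: int
    device: Dict[str, object]
    entitlements: Set[str]


@dataclass(frozen=True)
class Validator:
    name: str
    check: Callable[[Context], bool]


def scope(required: str) -> Validator:
    """OAuth scope validator: the token must carry the scope."""
    return Validator(f"scope:{required}", lambda c: required in c.scopes)


def entitlement(name: str) -> Validator:
    """Entitlement validator: user holds it AND the session meets its Auth Level."""
    ent = CATALOG[name]
    return Validator(
        f"entitlement:{name}",
        lambda c: name in c.entitlements and c.session_auth_level >= ent.auth_level,
    )


def device_attr(key: str, expected: object) -> Validator:
    """Device attribute validator: a reported device property must match."""
    return Validator(f"device:{key}", lambda c: c.device.get(key) == expected)


@dataclass(frozen=True)
class Policy:
    name: str
    validators: Tuple[Validator, ...]

    def evaluate(self, ctx: Context) -> Tuple[bool, List[str]]:
        """All validators must pass; the names of failing ones are returned for audit."""
        failed = [v.name for v in self.validators if not v.check(ctx)]
        return (not failed, failed)


# Constructed policy: approving a payment needs the scope, the entitlement at
# Auth Level 2, and a managed device.
APPROVE_PAYMENT = Policy(
    "approve-payment",
    (scope("payments"), entitlement("approve:payment"), device_attr("managed", True)),
)


def decide(policy: Policy, groups: List[str], scopes: List[str],
           session_auth_level: int, device: Dict[str, object]) -> Tuple[bool, List[str]]:
    """Resolve the user's entitlements from their groups, then evaluate the policy."""
    ctx = Context(set(scopes), session_auth_level, device, effective_entitlements(groups))
    return policy.evaluate(ctx)


if __name__ == "__main__":
    # A finance user with a strong session on a managed device is allowed.
    print(decide(APPROVE_PAYMENT, ["finance"], ["payments"], 2, {"managed": True}))
    # Same user, but the session was only authenticated at level 1: entitlement check fails.
    print(decide(APPROVE_PAYMENT, ["finance"], ["payments"], 1, {"managed": True}))
```

Returning the list of failing validator names rather than a bare boolean is the design choice worth noting: it is what an enforcement point needs to log a useful denial reason without leaking policy internals to the caller.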

Configuration

Admin UI features are highly customizable via JSON config files deployed within the directory structure of the application. The actual location of the config files may vary depending on the installation; refer to your runbook for specific details.

  • config.json - configures navigation, available administration panels, available actions for each panel, advanced edit forms settings, etc. This also allows for customization to allow different UI tools to be exposed or removed based on business rules.

  • ui.json - configures connections to external services, with or without single-domain support (AuthN UI, Self-Service UI, Federation Service, etc.), and the headers used for API calls.