Requirements for Managing Identity Providers

OneStream IdentityServer Setup and System Configuration

To manage identity providers, you must:

By default, the system configuration is enabled for the feature to manage identity providers. If you need support with the system configuration, submit a Support ticket.

Required System Security Role

You need group-based access to the ManageIdentityProviders system security role to manage identity providers. By default, the Administrators group is assigned to this role.

To assign the required role to a group, you must have the ManageSystemSecurityRoles role. To add users to an existing group, you must have the ManageSystemSecurityGroups role.

See:

Apply Security Role

Assign the ManageIdentityProviders role to the users who will manage identity providers. Ensure the users are in the appropriate group, then assign the group to the role.

  1. If one does not exist, create a group to which you will add all users who will work with identity providers. Otherwise, go to step 2.

    1. Go to System > Security > Groups.

    2. Click the Create Group icon.

    3. Enter a group name and description that reflects how users will work with identity providers. For example, use IdP Managers as the group name for users who will manage identity providers, and assign the ManageIdentityProviders role.

    4. In Group Membership, click the Add Users icon or the Add Child Groups icon to include the users or groups of users who will manage identity providers.

    5. Click the Save icon.

  2. Click System Security Roles, and then click the ellipsis next to ManageIdentityProviders.

  3. Select the group containing the users who will manage identity providers.

  4. Click the OK button, then click the Save icon.

See "Managing Users and Groups" in the Design and Reference Guide.