Requirements for Managing Identity Providers

OneStream IdentityServer Setup and System Configuration

To manage identity providers, you must:

By default, the system configuration enables the feature for managing identity providers. If you need support with the system configuration, submit a Support ticket.

Required System Security Role

You need group-based access to the ManageIdentityProviders system security role to manage identity providers. By default, the Administrators group is assigned to this role.

To assign the required role to a group, you must have the ManageSystemSecurityRoles role. To add users to an existing group, you must have the ManageSystemSecurityGroups role.

See:

Apply Security Role

The following instructions provide an example of applying security roles. Your configuration may differ depending on your security needs.

Assign the ManageIdentityProviders role to the users who will manage identity providers. Ensure the users are in the appropriate group, then assign the group to the role.

  1. If one does not exist, create a group to which you will add all users who will work with identity providers. Otherwise, go to step 2.

    1. Go to System > Administration > Security.

    2. Click the Create Group icon.

      The security page has a toolbar row at the top of the page with icons. The Create Group icon is highlighted. It has the silhouettes of three users with a blue circle connecting them as a group.

    3. Enter a group name and description that reflect how users will work with identity providers. For example, use IdP Managers as the group name for users who will manage identity providers, and assign the ManageIdentityProviders role.

      The Create Group page has a grid with row headings that have a gray background with black text and can be expanded to display fields with a white background and black text. This example displays the Name, Description, and Child Groups and Users fields. The Name field has the example text: IdP Managers. The Description field has the example text: Users who will manage identity providers.

    4. In Group Membership > Child Groups and Users, click the Add Child Groups icon or the Add Users icon to include the users or groups of users who will manage identity providers.

      The Add Child Groups dialog box displays the list of child groups on the left of the screen as the Source List. Instructions explain that you can double-click or drag items to the right of the screen to add them to the Result List. There is also a field at the top of the screen that can be used to search for a specific child group.

    5. Click the Save icon.

  2. Click System Security Roles, and then click the ellipsis next to ManageIdentityProviders.

    The System Security Roles page has a grid with row headings that have a gray background with black text and can be expanded to display fields with a white background and black text. This example highlights the role ManageIdentityProviders and an ellipsis next to the role.

  3. Select the group containing the users who will manage identity providers.

    The Object Lookup dialog box displays the list of security groups. This example highlights the option IdP Managers.

  4. Click the OK button, then click the Save icon.

See Managing Users and Groups in the Design and Reference Guide.