Configure User Management

Use this procedure to configure how you want your CN2 users to be managed. A CN2 user is someone who can log in and use the CN2 Web UI.

You can manage CN2 users from the CN2 Web UI, from the OpenShift Container Platform (OCP), or from a third-party Identity Provider (IDP).

  • If you choose to manage CN2 users from the CN2 Web UI, then your CN2 users are authenticated with the local database that CN2 administers. Users configured from OCP will not be able to log in to the CN2 Web UI until you add them explicitly using the user management functions of the CN2 Web UI. With this option, you're managing OCP and CN2 users separately.

    This is the default option.

  • If you choose to manage CN2 users from OCP, then your OCP users and your CN2 users are one and the same. All users are authenticated with the authentication method that you configure for OCP. You add users through OCP, and those same user credentials can be used seamlessly to log in to the CN2 Web UI as regular users. The user management functions in the CN2 Web UI are disabled.

    We show you how to configure this option in the steps below.

  • If you choose to manage CN2 users through a third-party IDP, then your users are authenticated with that IDP. The user management functions in the CN2 Web UI are disabled. Users configured through OCP will not be able to log in to the CN2 Web UI until you add them explicitly through that third-party IDP. CN2 supports LDAP and OAuth2 IDPs.

    If you want to use this option, see the documentation for the IDP you want to use.

The following procedure shows how you can configure CN2 to use OCP for CN2 user authentication.

  1. If you haven't installed Contrail Analytics yet, then follow the steps in Install Contrail Analytics and the CN2 Web UI. In that procedure, we show you how to configure CN2 user management options during the installation. You can skip the remaining steps below.
    Otherwise, proceed to the next step to configure CN2 user management options for an existing Contrail Analytics and Web UI installation.
  2. Locate the openshift-values.yaml file in the Contrail Analytics package.
  3. Enable the Dex OpenShift connector in that file.
    Uncomment the following lines and specify the external IP address:
    where <external-ip> is the node IP address (for example, 172.16.0.11, if you follow the examples in this document).
  4. Apply the updated Helm chart.

After the updated Helm chart takes effect, OCP users will be able to log in and use the CN2 Web UI.