×
Identity and Access Management (IAM) configuration
Use the IAM app to set up user login and access control in ITRS Analytics.
The following sections provide a walkthrough to the process of connecting an identity provider and managing who can access what using roles, groups, and permissions.
- Add an Identity Provider — set up an external Keycloak identity provider that will be used to authenticate users.
- Set up roles — define roles that represent different access levels (for example,
admin
,user
,default
). - Set up groups — create groups to organize users, and optionally associate roles with these groups.
- Add users — add users and assign them to groups or roles as needed.
- Set up permissions — define what actions roles or users can perform on which resources.
Add an Identity Provider Copied
To configure a new identity provider, do the following:
- From the web console, navigate to Admin > IAM.
- Select Identity Providers, then click the
button.
- Enter a Name for the new identity provider.
- Under Type, select the appropriate identity provider type (OIDC or SAML).
- Provide the URLs for the following fields:
- Discovery Endpoint – the URL where the provider’s metadata can be retrieved.
- Authorization URL – the endpoint used to initiate the login process.
- Token URL – the endpoint used to exchange the authorization code for tokens.
- Logout URL – the endpoint used to log out users.
- User Info URL – the endpoint used to retrieve user profile information.
- In the Issuer field, enter the expected issuer value (usually matches the provider’s base URL).
- Toggle the Validate Signatures switch to enable or disable signature validation.
- Enter the Client ID and Client Secret provided by the identity provider.
- Specify the Scopes to request (for example,
openid
). - Click Save to complete the setup.
Set up roles Copied
To create a new role, do the following:
- From the web console, navigate to Admin > IAM.
- Select Roles, then click
button.
- Enter a Name for the role. Choose a name that clearly reflects the role’s purpose or level of access.
- Click
to create the role.
Note
Tip: After creating the role, you can assign it to users or associate it with permissions under the Users and Permissions sections.
Set up groups Copied
To create a new group, do the following:
- From the web console, navigate to Admin > IAM.
- Select Groups, then click the
button.
- Enter a Name for the group. Use a name that reflects the group’s purpose or the users it will contain.
- Click
to create the group.
Note
After creating a group, you can add users to it and assign roles or permissions to manage access collectively.
Add users Copied
To create a new user, do the following:
- From the web console, navigate to Admin > IAM.
- Select Users, then click the
button.
- Enter a Username for the user. This will be their unique identifier for login.
- Provide the user’s First Name and Last Name.
- Click
to create the user.
Set up permissions Copied
To define and assign permissions, do the following:
- From the web console, navigate to Admin > IAM.
- Select Permissions, then click the
button.
- Enter a Name for the new permission. Choose something descriptive that reflects its purpose or scope.
- In the Resource dropdown, select the resource (for example,
entity-management
) that the permission will apply to. - In the Users dropdown, select one or more users to associate with the permission.
- In the Roles dropdown, select one or more roles to associate with the permission. Users assigned to these roles will inherit the permission.
Note
You can assign permissions to individual users, roles, or both. Roles are typically used to manage access for groups of users.
- Click
to apply the new permission.
["ITRS Analytics"]
["ITRS Analytics > IAM"]
["User Guide"]