Identity and Access Management (IAM) configuration

Use the IAM app to set up user login and access control in ITRS Analytics.

The following sections provide a walkthrough to the process of connecting an identity provider and managing who can access what using roles, groups, and permissions.

• Add an Identity Provider — set up an external Keycloak identity provider that will be used to authenticate users.
• Set up roles — define roles that represent different access levels (for example, admin, user, default).
• Set up groups — create groups to organize users, and optionally associate roles with these groups.
• Add users — add users and assign them to groups or roles as needed.
• Set up permissions — define what actions roles or users can perform on which resources.

Add an Identity Provider Copied

To configure a new identity provider, do the following:

1. From the web console, navigate to Admin > IAM.
2. Select Identity Providers, then click the button.
3. Enter a Name for the new identity provider.
4. Under Type, select the appropriate identity provider type (OIDC or SAML).
5. Provide the URLs for the following fields:
   • Discovery Endpoint – the URL where the provider’s metadata can be retrieved.
   • Authorization URL – the endpoint used to initiate the login process.
   • Token URL – the endpoint used to exchange the authorization code for tokens.
   • Logout URL – the endpoint used to log out users.
   • User Info URL – the endpoint used to retrieve user profile information.
6. In the Issuer field, enter the expected issuer value (usually matches the provider’s base URL).
7. Toggle the Validate Signatures switch to enable or disable signature validation.
8. Enter the Client ID and Client Secret provided by the identity provider.
9. Specify the Scopes to request (for example, openid).
10. Click Save to complete the setup.

Set up roles Copied

To create a new role, do the following:

1. From the web console, navigate to Admin > IAM.
2. Select Roles, then click button.
3. Enter a Name for the role. Choose a name that clearly reflects the role’s purpose or level of access.
4. Click to create the role.

Note

Tip: After creating the role, you can assign it to users or associate it with permissions under the Users and Permissions sections.

Set up groups Copied

To create a new group, do the following:

1. From the web console, navigate to Admin > IAM.
2. Select Groups, then click the button.
3. Enter a Name for the group. Use a name that reflects the group’s purpose or the users it will contain.
4. Click to create the group.

Note

After creating a group, you can add users to it and assign roles or permissions to manage access collectively.

Add users Copied

To create a new user, do the following:

1. From the web console, navigate to Admin > IAM.
2. Select Users, then click the button.
3. Enter a Username for the user. This will be their unique identifier for login.
4. Provide the user’s First Name and Last Name.
5. Click to create the user.

Set up permissions Copied

To define and assign permissions, do the following:

1. From the web console, navigate to Admin > IAM.
2. Select Permissions, then click the button.
3. Enter a Name for the new permission. Choose something descriptive that reflects its purpose or scope.
4. In the Resource dropdown, select the resource (for example, entity-management) that the permission will apply to.
5. In the Users dropdown, select one or more users to associate with the permission.
6. In the Roles dropdown, select one or more roles to associate with the permission. Users assigned to these roles will inherit the permission.

Note

You can assign permissions to individual users, roles, or both. Roles are typically used to manage access for groups of users.

7. Click to apply the new permission.