Skip to content

Add a Default Role to Privacera Portal Users

You can configure default role mapping in the Privacera Portal to assign specific roles to users logging in through SSO Identity Providers (IdP) such as LDAP/AD or SAML.

By setting a default role, you ensure that users authenticating via the Identity Provider (IdP) are automatically assigned the specified role(s) upon their first login. This streamlines user management and ensures consistent access control policies.

To configure a default role for IdP users, follow these steps:

  1. SSH into the instance where Privacera Manager is installed.

  2. Navigate to the configuration directory:

    Bash
    1
    cd ~/privacera/privacera-manager/config

  3. Copy the sample variables to the custom variables directory if they are not already present:

    Bash
    1
    cp -n sample-vars/vars.portal.yml custom-vars/vars.portal.yml

  4. Open the vars.portal.yml file for editing:

    Bash
    1
    vi custom-vars/vars.portal.yml

  5. Locate the variable for setting the default user role and uncomment it. Assign the desired role(s) as a comma-separated list:

    YAML
    1
2
    #### Uncomment the variable to provide the default user role in the comma-separated manner for multiple roles
PORTAL_SSO_DEFAULT_USER_ROLE: "<DEFAULT_USER_ROLE>"

    Example

    YAML
    1
    PORTAL_SSO_DEFAULT_USER_ROLE: "ROLE_READ_ONLY"

  6. Save and close the file.

Deploying the Service

  1. Generate the Helm charts. This step prepares the required Kubernetes configurations for deploying the Privacera services.

    Bash
    1
2
    # This step usually takes a few minutes.
./privacera-manager.sh setup

  2. Apply the Helm charts. This will deploy the Privacera services to your Kubernetes cluster and may take a few minutes.

    Bash
    1
    ./pm_with_helm.sh upgrade

  3. Perform post-installation steps, such as generating the plugin tarball and updating Route 53 DNS. These steps are essential to finalize the deployment and ensure that all services are properly configured.

    Bash
    1
    ./privacera-manager.sh post-install

By following these steps, you will have successfully configured a default role for users authenticating through your IdP.

Comments