The content described in this document belongs to the advanced use of Sensord Analytics, involving many technical details, and is suitable for experienced users to refer to related functions. If you have any questions about the document content, please consult Sensord Analytics team for one-on-one assistance.
Sensord Analytics currently supports the following two types of third-party login methods:
- OAuth2.0 Login:Supports the standard OAuth 2.0 protocol and requires Sensord Analytics version >= 1.7.
- LDAP Login:Supports the LDAP protocol and can adapt to common LDAP services such as OpenLDAP, AdLDAP, etc., and requires Sensord Analytics version >= 1.13.
Authentication Method
Automatic User Creation Mode (Default)
Default behavior, under this mode, when a user authenticated by a third-party system logs in to Sensord Analytics for the first time, a corresponding user will be automatically created in the Sensord Analytics system. Therefore, by default, all authenticated users have access to Sensord Analytics.
Enablement(Enabled by default and no manual activation is required):
sbp >= 1.3.0
sbpadmin business_config set -p sbp -k enable_oauth_auto_create_user -v trueSensors Analytics version < 1.14
monitor_tools set_config -t server -m web -n enable_oauth_auto_create_user -v trueSensors Analytics version >= 1.14
spadmin config set server -p sa -m web -n enable_oauth_auto_create_user -v trueManual User Creation Mode
After enabling this mode, the user with the same name must be manually created in the Sensord Analytics system by the administrator user before the user can log in to the Sensord Analytics system through the third-party system.
Enablement:
sbp >= 1.3.0
sbpadmin business_config set -p sbp -k enable_oauth_auto_create_user -v falseSensors Analytics version < 1.14
monitor_tools set_config -t server -m web -n enable_oauth_auto_create_user -v falseSensors Analytics version >= 1.14
spadmin config set server -p sa -m web -n enable_oauth_auto_create_user -v falsePermission Control
During OAuth2.0 Login, role information can be returned through the UserInfo API, and this role information will take effect when creating the user for the first time. If no role information is returned or when using LDAP Login, the system will use the default role information, which is the Ordinary User Role.
Modify the default role information:
sbp >= 1.3.0
sbpadmin business_config set -p sbp -k api_user_default_role -v analystSensors Analytics version < 1.14
monitor_tools set_config -t server -m web -n api_user_default_role -v analystSensors Analytics version >= 1.14
spadmin config set server -p sa -m web -n api_user_default_role -v analystsbp>=0.5 && sbp< 1.1
spadmin config set server -p sbp -m web -n api_user_default_role -v analystsbp 1.1+
spadmin config set product_global -p sbp -n api_user_default_role -v analystIf you need to modify the permission information for users who have logged in, it needs to be done by the administrator in the member and role management.
The `api_user_default_role` attribute supports admin, analyst, developer, guest. If multiple roles are required, use a comma to separate them.
In sbp1.1+ version, it supports configuring project-level default roles on the page. The priority is: Role corresponding to the `role` field in the userinfo response of the customer system > Default role configured on the page > Default role configured in `api_user_default_role` > Guest (ordinary user) as the fallback role.