Create and manage users
This topic describes how to create and manage users depending on the type of authentication realm.
Internal Security / Internal Storage type users
For Internal Storage type authentication realms, such as the default Internal Security authentication realm, you create users in Administration > Security by using the Create User button.
When adding a new user, the username and password is what the individual will use when logging in to Deployment Automation. The username is also displayed when setting up additional security.
After you have added the new user to a group, you might need to configure additional permissions, for example, when the new user is mapped to a group that has limited permissions.
Include an email ID for the user if you want them to be eligible to receive email notifications. See Configure email notifications.
After LDAP configuration is complete, when new users log in with their LDAP credentials, they will be listed in the Authentication Realms pane.
You should not manage user passwords or remove users from the list. If active users are removed from Deployment Automation, they will still be able to log in to the server as long as their LDAP credentials are valid.
Single Sign-On users
SBM solutions, such as Release Control, can use Single Sign-On (SSO) to access Deployment Automation functionality.
The users are created in SBM. When Deployment Automation is accessed the first time from SBM, the corresponding user is automatically created in Deployment Automation.
PKI Certificate users
Users authenticated with PKI Certificate are automatically created with the first login using the associated CA certificate. They are automatically added to an authentication realm of PKI Certificate type.
These users are assigned to a group based on the Default security group set in the system settings. If the default security group is not configured, PKI Certificate users are not assigned to a group. For details, see System settings.
Administrators can also add users to the PKI Certificate authentication realm without providing users' client certificates. The administrator assigns the users to groups manually and configures permissions on a user by user basis. When users log in with their certificates, they are identified by their login name, and their data is updated from the properties provided in the certificate, such as username and email ID.
Administrators map certificate properties to user properties during configuration of the PKI Certificate authentication realm. See Create PKI Certificate authentication realms.