Users Guide

Configure an OpenID Connect provider policy in Keycloak for role-based access to OpenManage Enterprise
To enable OpenManage Enterprise OpenID Connect login using Keycloak, you must first add and map a scope dxcua to the
Client ID and define the user privileges as follows:
NOTE: The Discovery URI specified in the OpenID Connect provider configuration wizard should list a valid endpoint of
the provider.
1. In the Attributes section of Keycloak Users, define the 'Key and Value' for OpenManage Enterprise login roles using one of
the following attributes:
Administrator: dxcua : [{"Role": "AD"}]
Device Manager: dxcua : [{"Role": "DM"}]
Viewer: dxcua : [{"Role": "VE"}]
2. Once the client is registered in Keycloak, in the Mappers section, add a "User Attribute" mapper type with the following values:
Name: dxcua
Mapper Type: User Attribute
User Attribute: dxcua
Token Claim Name: dxcua
Claim JSON Type: String
Add to ID token: Enable
Add to access token: Enable
Add to user info: Enable
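The following added example (not part of the Dell guide or of Keycloak) decodes a token issued by the provider and checks that the dxcua claim produced by the mapper above is a string holding one of the role values from step 1. The function names, the sample tokens, and the strict one-element shape check are assumptions made for illustration. The payload is decoded without signature verification, so use the result only to diagnose the mapper configuration.

```python
import base64
import json

# Role codes from step 1 of this page.
ROLES = {"AD": "Administrator", "DM": "Device Manager", "VE": "Viewer"}


def jwt_payload(token):
    """Decode the payload segment of a JWT. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def check_dxcua(claims):
    """Return (role_name, problems) for the dxcua claim of a decoded token."""
    if "dxcua" not in claims:
        return None, ["dxcua claim missing: mapper absent or 'Add to ... token' not enabled"]
    raw = claims["dxcua"]
    if not isinstance(raw, str):
        return None, ["dxcua is not a string: Claim JSON Type should be String"]
    try:
        value = json.loads(raw)
    except ValueError:
        return None, ["dxcua value is not valid JSON"]
    # Assumption: exactly the one-element list form shown in step 1.
    if not (isinstance(value, list) and len(value) == 1 and isinstance(value[0], dict)):
        return None, ['dxcua does not match the [{"Role": ...}] form from step 1']
    code = value[0].get("Role")
    if not isinstance(code, str) or code not in ROLES:
        return None, ["unknown role code: %r" % (code,)]
    return ROLES[code], []


def make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    good = make_token({"preferred_username": "alice", "dxcua": '[{"Role": "DM"}]'})
    bad = make_token({"preferred_username": "bob", "dxcua": [{"Role": "AD"}]})
    for tok in (good, bad):
        print(check_dxcua(jwt_payload(tok)))
```
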
Test the registration status of OpenManage Enterprise with the OpenID Connect provider
On the Application Settings > Users > OpenID Connect Providers page, do the following:
1. Select an OpenID Connect provider.
2. On the right pane, click Test Registration Status.
NOTE: Test connection does not depend on the username and password or the initial access token details, as it only
checks for the validity of the Discovery URI.
The latest registration status ('Successful' or 'failed') with the OIDC provider is updated.
Edit OpenID Connect provider details in OpenManage Enterprise
On the Application Settings > Users > OpenID Connect Providers page, do the following:
1. Select an OpenID Connect provider.
2. Click Edit on the right pane.
3. Depending on the Registration Status of the OpenID Connect provider client, you can do the following:
a. If the Registration Status is 'Successful,' only the Certification Validation, Test Connection, and Enabled check box can
be edited.
b. If the Registration Status is 'failed,' then you can edit the Username, Password, Certification Validation, Test Connection,
and Enabled check box.
4. Click Finish to implement, or click Cancel to discard the changes.
Managing OpenManage Enterprise appliance settings