To use single sign-on (SSO) in Metacloud and provide access to your existing projects, you must create groups in your projects’ domain with the same names as the groups in your Identity Provider, and add those groups to those projects using the Dashboard. if you are using an existing LDAP domain, see Setting Up Groups for Single Sign-on Integration with an Existing LDAP Domain for information.
You must understand the difference between a domain and a project:
- Domain—A collection of projects and users that define administrative boundaries for managing Identity entities. A domain can represent an individual, company, or operator-owned space.
- Project—A container that collects or isolates resources or identity objects. Depending on the service operator, a project might map to a customer, account, organization, or tenant.
See Using Identity Features for more information about working with Identity.
To create the required mapping for single sign-on, you will need to create a group in your primary domain using the Dashboard.
To create a group using the Metacloud Dashboard:
- Log in to the primary Domain on the Dashboard.
Select Admin, Groups to display the Groups page.
Click Create Group to create a specific group for all users in your Identity Provider.
Verify the new group displays on the Groups page.
- Select Projects to display the Projects page.
- Click Create Project to create a project for the new group.
- (Optional) Click Manage Members and select Project Groups on the Edit Project dialog to edit an existing group.
Select the Project Groups tab on the Create Project dialog.
- Click the + next to the new group in the All Groups column and add it to the Project Groups column.
- Use the checkboxes to assign the group Member or Admin privileges.
Select the Project Information tab and enter the Name of the project.
- Click Create Project.
- Verify the new project displays on the Projects page.