Configure Dashboard Access Control Using Google Identity
MATLAB® Production Server™ administrators can use Google® identity provider to configure role-based access control for the MATLAB Production Server Dashboard. Role-based access control allows administrators to grant access to specific areas of the dashboard to certain users or groups of users. For more information about the roles that the dashboard supports, see Dashboard Access Control.
To enable dashboard access control, configure the identity provider and specify access control policies, in consultation with the Google Identity administrator.
Configure Google Identity
To configure Google Identity:
Log in to the dashboard to retrieve the redirect URI of the dashboard.
On the Google Cloud Platform Console, use the redirect URI to register the dashboard as a client application with the provider.
In the dashboard, enter values specific to the registered application and Google Identity.
Retrieve Redirect URI from Dashboard
To retrieve the redirect URI, start creating a configuration for Google Identity in the dashboard:
Navigate to either the Dashboard Access Control tab or the Manage Identity Providers tab.
Click Create and select Google.
In Create Identity Provider for Dashboard Access Control, note the redirect URI of the dashboard.
Later, you return to this view to specify the values required to configure your identify provider in the dashboard.
Register Application in Google Cloud Console
Use the Google Cloud Console to register a web client application for dashboard access control. Use the redirect URI from the MATLAB Production Server Dashboard when registering the application.
Sign in to the Google Cloud Platform Console and navigate to the Credentials page.
On the Credentials page, click Create credentials and select OAuth client ID.
From Application type drop down, select Web Application.
Enter the name of you client application (for example,
MATLAB Production Server Dashboard App).
Under Authorized redirect URIs, click Add URI.
Copy the redirect URI from MATLAB Production Server Dashboard and paste it into the URIs field in the Google Cloud Console.
The Google identity provider creates an application with a client ID and client secret. Note the values of the client ID and client secret. You enter these values next in the dashboard.
Specify Client ID and Client Secret in Dashboard
Enter the noted client ID and client secret values from the previous section in the Client ID and Client Secret fields respectively in MATLAB Production Server dashboard.
Click Create to complete the configuration of the identity provider.
Specify Dashboard Access Control Policy
Before you can specify dashboard access control policies, you must have users, and groups, if applicable, set up in Google. Consult the Google identity provider administrator for this setup.
The access control policies define areas of the dashboard that users can access and tasks that they can perform in these areas. Use the policies to assign the manager and application author roles to users in your organization by entering their Google user names.
On the Dashboard Access Control tab of the dashboard, select Google as the identity provider.
In the Dashboard Access Control Policy section, enter Google user names to assign manager and application author roles to users in your organization. Click Save after you enter the values.
Enable Dashboard Access Control
After you configure Google Identity and specify access control policies, you must enable dashboard access control by selecting the Yes option. After enabling dashboard access control, a dashboard login URL that supports single sign-on (SSO) becomes available. Share this URL with managers and application authors.