Configure Dashboard Access Control Using PingFederate Identity Provider
MATLAB® Production Server™ administrators can use PingFederate® from Ping Identity® to configure role-based access control for the MATLAB Production Server Dashboard. Role-based access control allows administrators to grant access to specific areas of the dashboard to certain users or groups of users. For more information about the roles that the dashboard supports, see Dashboard Access Control.
To enable dashboard access control for MATLAB Production Server, configure PingFederate and specify access control policies, in consultation with the PingFederate administrator.
Refer to the PingFederate documentation to configure OAuth use cases, clients, and endpoints, and to configure OpenID® provider information.
Configure PingFederate Identity Provider
To configure PingFederate:
1. Log in to the dashboard to retrieve the Redirect URI of the dashboard.
2. Use the Redirect URI to register a client application in PingFederate.
3. In the dashboard, enter values specific to the registered application and PingFederate.
Retrieve Redirect URI from Dashboard
To retrieve the redirect URI, start creating a configuration for your identity provider in the dashboard:
1. Navigate to either the Dashboard Access Control tab or the Manage Identity Providers tab.
2. Click Create and select PingFederate.
3. In Create Identity Provider for Dashboard Access Control, note the redirect URI of the dashboard.
Later, you return to this view to specify the values required to configure your identity provider in the dashboard.
Register Application in PingFederate
Register an application in PingFederate for MATLAB Production Server Dashboard, if you do not already have one. Consult the PingFederate administrator to register the application. Provide the Redirect URI of the MATLAB Production Server Dashboard when registering the application.
Specify Values in Dashboard
After you register the application with PingFederate, you receive application-specific values such as the Client ID and Client Secret. Enter the values specific to the application and values specific to PingFederate in the dashboard under Create Identity Provider for Dashboard Access Control.
The following table describes the values that you must enter. Click Create after you enter the values.
|Value|Description|
|---|---|
|Client ID|Application ID of the registered client application.|
|Client Secret|Client secret of the registered client application.|
|OIDC Issuer|Discovery endpoint URI of the OIDC provider.|
|JWT Issuer|JWT issuer metadata of the OIDC provider.|
|JWKS URI|URI to retrieve the JSON Web Key Set (JWKS).|
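The following added example (not MathWorks or Ping Identity code) is a pre-entry consistency check for the OIDC Issuer, JWT Issuer, and JWKS URI values against the provider's discovery document. It assumes that OIDC Issuer is the full `/.well-known/openid-configuration` URL and that JWT Issuer and JWKS URI correspond to the document's standard `issuer` and `jwks_uri` fields; the host name, paths, and function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed discovery document for a hypothetical host (sample values only).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://sso.example.com",
  "jwks_uri": "https://sso.example.com/pf/JWKS",
  "authorization_endpoint": "https://sso.example.com/as/authorization.oauth2",
  "token_endpoint": "https://sso.example.com/as/token.oauth2"
}""")


def check_idp_values(discovery_url, discovery_doc, jwt_issuer, jwks_uri):
    """Return a list of problems with the values about to be entered."""
    problems = []
    # Keys and metadata fetched over plain http can be replaced in transit.
    for name, value in (("OIDC Issuer", discovery_url), ("JWKS URI", jwks_uri)):
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name} must be an absolute https URL: {value!r}")
    issuer = discovery_doc.get("issuer", "")
    # OIDC Discovery: the document lives at <issuer>/.well-known/openid-configuration.
    if discovery_url.rstrip("/") != issuer.rstrip("/") + WELL_KNOWN:
        problems.append("discovery URL does not belong to the issuer it advertises")
    # The 'iss' claim is normally compared as an exact string, so a trailing
    # slash or different case counts as a mismatch.
    if jwt_issuer != issuer:
        problems.append(f"JWT Issuer {jwt_issuer!r} != advertised issuer {issuer!r}")
    # Signing keys must come from the location the issuer itself publishes.
    if jwks_uri != discovery_doc.get("jwks_uri"):
        problems.append("JWKS URI differs from the advertised jwks_uri")
    return problems


if __name__ == "__main__":
    for problem in check_idp_values(
        "https://sso.example.com/.well-known/openid-configuration",
        SAMPLE_DISCOVERY,
        "https://sso.example.com/",          # trailing slash: flagged
        "https://sso.example.com/pf/JWKS",
    ):
        print("WARN:", problem)
```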
Specify Dashboard Access Control Policy
Before you can specify dashboard access control policies, you must have users, and groups, if applicable, set up in PingFederate. Consult the PingFederate administrator for this setup.
The access control policies define areas of the dashboard that users or groups of users can access and tasks that they can perform in these areas. Use the policies to assign the manager and application author roles to users or groups of users in your organization by entering their user names and group IDs. Click Save after you enter the values.
1. In the Dashboard Access Control tab of the dashboard, select PingFederate as the identity provider.
2. In the Dashboard Access Control Policy section, enter identity-provider-specific user names and group IDs to assign manager and application author roles to users or groups of users in your organization. Use a comma to separate multiple user names and group IDs. Click Save after you enter the values.
Enable Dashboard Access Control
After you configure PingFederate and specify access control policies, you must enable dashboard access control by selecting the Yes option. After enabling dashboard access control, a dashboard login URL that supports single sign-on (SSO) becomes available. Share this URL with managers and application authors.