User Identity and Access
This section covers user authentication, access control, and multi-tenancy.
Commander is fully integrated with AD/LDAP so that you can leverage your existing group hierarchies. It also provides single sign-on (SSO) with SAML2 or Windows Session Authentication.
For more information, see User Authentication.
Commander has both an administrative console and a separate, web-based Service Portal interface. The Service Portal provides users with an information-rich view of resources without allowing any access to the underlying private or public cloud infrastructure.
To control access to the administrative console and the Service Portal, distinct roles govern where users are permitted to sign in. By assigning roles, you can ensure that administrators have the right level of access to the various parts of your virtual infrastructure, and that users who aren't administrators but do consume IT services and resources are appropriately segregated.
For more information, see Access Control.
Organizations and Multi-tenancy
Multi-tenancy allows you to share your cloud resources effectively and securely amongst users. Organizations form the basis of a multi-tenant model — they are defined groups of users with a common business purpose. Using organizations allows you to:
- ensure that user groups can access only the resources assigned to them
- set up distinct cloud automation configurations for your user groups
- delegate administrative tasks to consumers, allowing you to lighten the load on administrators
For more information, see Organizations and Multi-Tenancy.