Knox SSO with DPS
DPS Platform and the DPS Apps leverage Knox SSO to provide users and services with simplified and consistent access to clusters, data and other services. You must configure Knox SSO on the clusters you plan to use with DPS. You will perform this Knox SSO setup on your clusters after you perform the DPS Installation. Refer to DPS Installation for more information.
DPS authenticates users against a centralized identity provider in the organization (such as an LDAP or AD). Having Knox SSO setup with your clusters ensures that those users and services are authorized to perform specific actions on the respective clusters, and propagates the identity of the user or service from DPS to the cluster services. You must perform the Knox SSO setup on your clusters after you perform the DPS Installation.
 | Important |
|---|---|
The Knox SSO of your cluster must be configured to use the same LDAP/AD as your DP instance for user identity to match and propagate between the systems. |
Minimally, your cluster requires a Knox SSO configuration to include the following cluster services: Ambari, YARN and HDFS. Refer to your specific DPS Apps documentation for any additional cluster services that may also be required to be configured in Knox SSO.
Refer to the following documentation on how to configure your cluster for Knox SSO:
| Resource | Documentation |
|---|---|
| Install Knox and enable in Ambari | HDP Security Guide, Install Knox |
| Configure SSO topology | HDP Security Guide, Identity Providers (IdP) |
| Configure Knox SSO for Ambari | HDP Security Guide, Setting up Knox SSO for Ambari |
| Configure LDAP with Ambari | Ambari Security Guide, Configuring Ambari Authentication with LDAP or Active Directory Authentication |