Initial admin identities
To be able to register new users and assign roles to them, first you need to set up an initial admin identity which inherently has access to everything and can assign roles and admin privileges to others as needed. After the initial setup, you can remove this configuration if needed.
You can configure initial admin identities in the
efm.security.user.auth.adminIdentitiesA comma separated list of identities needed for initial admins that can configure other user and group access policies in Edge Flow Manager (EFM). For example,
efm.security.user.auth.adminIdentitiesemail@example.com. If admin identities contain special characters such as a comma (,), then you can use the following alternative property key format:
- efm.security.user.auth.adminIdentities=CN=admin1, OU=systems, O=cloudera
- efm.security.user.auth.adminIdentities=CN=admin2, OU=systems, O=cloudera
- efm.security.user.auth.adminIdentities[n]=CN=adminN, OU=systems, O=cloudera
Starting EFM with this property and logging in with the predefined identity grants you administrator access.
This configuration property controls whether you want to create each user manually in the Administration page, or the system should do this automatically after the first login attempt for each user. This is a convenience functionality supported by the OIDC and SAML methods.
The following image shows the Administration page after initial admin login: