Initial admin identities
To be able to register new users and assign roles to them, first you need to set up an initial admin identity which inherently has access to everything and can assign roles and admin privileges to others as needed. After the initial setup, you can remove this configuration if needed.
efm.properties
file.efm.security.user.auth.adminIdentities
A comma separated list of identities needed for initial admins that can configure other user and group access policies in Edge Flow Manager (EFM). For example,efm.security.user.auth.adminIdentities=admin@cloudera.com
. If admin identities contain special characters such as a comma (,), you can use the following alternative property key format:- efm.security.user.auth.adminIdentities[0]=CN=admin1, OU=systems, O=cloudera
- efm.security.user.auth.adminIdentities[1]=CN=admin2, OU=systems, O=cloudera
…
- efm.security.user.auth.adminIdentities[n]=CN=adminN, OU=systems, O=cloudera
Starting EFM with this property and logging in with the predefined identity grants you administrator access.
efm.security.user.auth.autoRegisterNewUsers
It controls whether you create each user manually in the Administration page, or the system should do this automatically after the first login attempt for each user. This is a convenience functionality supported by the OIDC and SAML methods.
efm.security.user.auth.groups.manager=EXTERNAL
efm.security.user.auth.groups.adminIdentities=Admin-Group-Name
-
efm.security.user.auth.groups.manager
It indicates that user group management is handled externally by the IdP. Its value can be INTERNAL or EXTERNAL. The default is INTERNAL.
-
efm.security.user.auth.groups.adminIdentities
A comma separated list of group names needed for initial admins that can configure other user and group access policies in EFM. If group names contain special characters such as a comma (,), you can use the following alternative property key format:- efm.security.user.auth.groups.adminIdentities[0]=Group,1
- efm.security.user.auth.groups.adminIdentities[1]=Group,2
- efm.security.user.auth.groups.adminIdentities[N]=Group,N