Initial admin identities

To be able to register new users and assign roles to them, first you need to set up an initial admin identity. This initial admin has comprehensive access rights and can assign roles and administrative privileges to others as needed. After the initial setup, you can remove this configuration if needed.

You can configure initial admin identities in the efm.properties file.
  • efm.security.user.auth.adminIdentities
    A comma separated list of identities needed for initial admins that can configure other user and group access policies in Edge Flow Manager (EFM). For example, efm.security.user.auth.adminIdentities=admin@cloudera.com. If admin identities contain special characters such as a comma (,), you can use the following alternative property key format:
    • efm.security.user.auth.adminIdentities[0]=CN=admin1, OU=systems, O=cloudera
    • efm.security.user.auth.adminIdentities[1]=CN=admin2, OU=systems, O=cloudera
    • efm.security.user.auth.adminIdentities[n]=CN=adminN, OU=systems, O=cloudera

    Starting EFM with this property and logging in with the predefined identity grants you administrator access.

  • efm.security.user.auth.autoRegisterNewUsers

    It controls whether you create each user manually in the Administration page, or the system should do this automatically after the first login attempt for each user. This is a convenience functionality supported by the OIDC and SAML methods.

The following image shows the Administration page after initial admin login:

You can also configure initial admin permissions at group level. To do this, you need to set the following properties:
efm.security.user.auth.groups.manager=EXTERNAL
efm.security.user.auth.groups.adminIdentities=Admin-Group-Name
Where,
  • efm.security.user.auth.groups.manager

    It indicates that user group management is handled externally by the IdP or LDAP. Its value can be INTERNAL, EXTERNAL, or LDAP. The default value is INTERNAL.

  • efm.security.user.auth.groups.adminIdentities
    A comma separated list of group names needed for initial admins that can configure other user and group access policies in EFM. If group names contain special characters such as a comma (,), you can use the following alternative property key format:
    • efm.security.user.auth.groups.adminIdentities[0]=Group,1
    • efm.security.user.auth.groups.adminIdentities[1]=Group,2
    • efm.security.user.auth.groups.adminIdentities[N]=Group,N