Authentication and Authorization
To support its user role-based authorization scheme, Cloudera Navigator integrates with external authentication mechanisms. External authentication mechanisms include:
- LDAP-compliant identity/authentication services, such as Active Directory and OpenLDAP
- SAML-based SSO solutions, such as Shibboleth and SiteMinder
Cloudera Manager Server has its own internal authentication mechanism, a database repository of user accounts. However, the user accounts defined in the internal Cloudera Manager account repository cannot be assigned Cloudera Navigator user roles. The only Cloudera Navigator user role that can be effectively applied to an account created in the Cloudera Manager internal repository is that of Navigator Administrator.
In other words, assigning Cloudera Navigator user roles to user accounts requires using an external authentication mechanism, such as Active Directory or OpenLDAP. See the following topics in the Cloudera Security guide for details: