Granting Users SSO Access to Provisioned ML Workspaces
This topic describes how to create CDP groups that will be automatically granted SSO access to an ML workspace.
Enable SSO so that certain user groups are automatically logged into the provisioned workspaces with the right privilege levels
Required Role: PowerUser
A CDP PowerUser must create 2 groups per-workspace: one for users that require Site Administrator-level access, and one for regular Data Scientists. The group names must match those provided by each individual ML workspace. ML workspaces are designed to automatically allow SSO access only to those groups that match the provided names.
Site Administrator Group:
Users will be logged in with Site Administrator access.
Data Scientist Group (a.k.a regular users):
Users will be logged in as regular users that can run workloads (sessions/jobs/experiments/models).
Do not create your own group names. Group names are available from each workspace's Actions menu.
- Log in to the CDP web interface at https://console.us-west-1.cdp.cloudera.com using your corporate credentials or any other credentials that you received from your CDP administrator.
- Click ML Workspaces.
- For the workspace that you want to configure, click .
- Save the names of the User and Admin groups displayed on the popup. You will require these names when you create the groups in the following steps.
- Click OK to exit.
- Click .
- Enter the name of the group to be created for Site
Administrators. You must use the Admin Group name previously saved from the workspace.
- Add users to the Admin group you have created. For
instructions, see Management Console: Adding a user to a
group.The users you add to this group will have Site Administrator access to this workspace.
- Click .
- Repeat the last few steps to create a second group for regular users. Click .
- Enter the name of the group to be created for Data Scientists
(aka non-Site Admin users). You must use the User Group name previously saved from the workspace.
- Add users to the User group you have created. For instructions,
see Management Console: Adding a user to a
group.The users you add to this group will have regular user access to this workspace and will be able to run workloads on this workspace. This group must include all the users added to the Admin group in the previous step. That is, anyone who requires Site Administrator access must be a member of both groups.
- Click .
- Select the Sync Membership checkbox and click Update.