User Provisioning

Since v6.2.5/3

For a user to access the DSS Hub, they must be present in the DSS Hub System. Normally, users are added manually through the DSS UI or CLI. User provisioning enables automatic addition of users to the DSS Hub System.

When user provisioning is enabled, users who do not already exist in the hub system are automatically added to the DSS Hub System when they successfully log in using an external authentication method (such as SAML, PAM, Plugin, or Windows). An external authentication method refers to a system outside of DSS that performs user login validation.

The newly added user automatically inherits the default permission defined for “all users” in the hub system. The default permission for “all users” is usually defined during the hub server setup or updated later using the Permissions tab on the System page in the DSS UI or using the dsshubconfig and/or dssreposconfig command in the CLI.

Enabling User Provisioning

User provisioning is disabled by default. To enable it, use the dssreposconfig command to set the repository property User_Auto_Create to one of the supported external authentication methods: pam, plugin, saml, or windows.

For example, to set plugin as the authentication method:

dssreposconfig User_Auto_Create=plugin

When User_Auto_Create is set, and a user who does not already exist in the hub system logs in successfully using the specified authentication method, the user is automatically added to the hub system with the same username and associated authentication method.