To ensure the security of the objects in your instance, VMware Telco Cloud Service Assurance allows you to configure multi-tenant capabilities on a provisioned on-premises server. A single installation of VMware Telco Cloud Service Assurance can serve multiple tenants, each with its own secure account.
Use access control to implement role-based access control (RBAC) for the users and resources in your organization.
Administrators can create access controls for roles within the system, determining which features they can access and how they can interact with them.
As a system administrator, you can manage all aspects of user access control. You create user accounts, assign each user to one or more user groups, and assign roles to each user or user group to set their privileges.
Users must have privileges to access specific features in the VMware Telco Cloud Service Assurance user interface. Access control is defined by assigning privileges to both users and objects. You can assign roles to users and enable them to perform a range of different actions on the same types of objects. For example, you can assign a user privileges to use the administration section, and assign the same user or another user read-only privileges for another feature.
Authentication Sources (LDAP)
VMware Telco Cloud Service Assurance uses authentication sources that enable you to import and authenticate users and user group information that resides on another machine, using the platform-independent Lightweight Directory Access Protocol (LDAP).
Users of VMware Telco Cloud Service Assurance can be managed natively (local to Keycloak) or through LDAP (federated through Keycloak).
Native User Management
The administrator user logs in to the Keycloak user interface and uses the User Management sections to add users, add user groups, and associate users with user groups. For more information on user management in Keycloak, see the KB article.
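The following added example (not VMware or Keycloak code) audits which roles each user effectively holds once group membership is taken into account, and lists users who hold a role by direct assignment instead of through a group. It assumes a JSON document in the shape of a Keycloak realm export; the role, group and user names are hypothetical, and composite and client roles are not evaluated.

```python
import json

# Constructed sample in the shape of a Keycloak realm export (groups, users,
# realmRoles). Role, group and user names are hypothetical, not product defaults.
REALM_EXPORT = json.loads("""
{
  "groups": [
    {"path": "/operators", "realmRoles": ["dashboard-read"], "subGroups": [
      {"path": "/operators/noc-leads", "realmRoles": ["administration"]}]}
  ],
  "users": [
    {"username": "alice", "realmRoles": [], "groups": ["/operators/noc-leads"]},
    {"username": "bob", "realmRoles": ["administration"], "groups": ["/operators"]},
    {"username": "carol", "realmRoles": [], "groups": ["/operators"]}
  ]
}
""")

def group_roles(groups, inherited=frozenset()):
    """Map each group path to its roles, including roles inherited from parents."""
    out = {}
    for g in groups:
        roles = inherited | set(g.get("realmRoles", []))
        out[g["path"]] = roles
        out.update(group_roles(g.get("subGroups", []), roles))
    return out

def effective_roles(export):
    """Return {username: {role: sorted list of sources granting it}}."""
    by_path = group_roles(export.get("groups", []))
    result = {}
    for u in export.get("users", []):
        grants = {}
        for role in u.get("realmRoles", []):
            grants.setdefault(role, []).append("direct")
        for path in u.get("groups", []):
            for role in by_path.get(path, ()):
                grants.setdefault(role, []).append(path)
        result[u["username"]] = {r: sorted(s) for r, s in grants.items()}
    return result

def direct_grants(export, role):
    """Users holding `role` by direct assignment rather than via a group."""
    return sorted(u for u, g in effective_roles(export).items()
                  if "direct" in g.get(role, []))

if __name__ == "__main__":
    print(effective_roles(REALM_EXPORT))
    print("direct:", direct_grants(REALM_EXPORT, "administration"))
```

Direct grants of a privileged role are worth reviewing because they bypass the group structure that makes access easy to reason about and revoke.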
LDAP User Management
Keycloak is used as an Identity Manager that federates authentication of users present in external identity providers such as LDAP.
To enable users present in an external identity provider such as LDAP to access VMware Telco Cloud Service Assurance, the administrator user logs in to the Keycloak console and provisions the LDAP connection and mapper details.
For more information on LDAP and Keycloak integration, see the KB article.
User Identity Management using VMware Identity Manager
Keycloak can be used to broker authentication requests from client applications (VMware Telco Cloud Service Assurance) to an identity provider (VMware Identity Manager). Using VMware Identity Manager as the common identity provider enables Single Sign-On capabilities for client applications like vRealize Operations Manager and VMware Telco Cloud Service Assurance. To configure identity providers, see the KB article.