Setup role-based access control for APPUiO Cloud
This guide describes how to set up role-based access control (RBAC) for users registered directly in APPUiO IdP.
Note: See Configure role-based access control for brokered users to set up RBAC for users brokered from another identity provider.
Note: This page will be updated once we’ve implemented support for selectively granting users access to single APPUiO Zones.
Prerequisites
Installed APPUiO IdP (see Install Keycloak)
Administrator console access to APPUiO IdP
Create customized browser login flow
Note: This section only needs to be done once.
1. Log in to APPUiO IdP as Administrator.
2. In the realm, open the authentication flows.
3. Select the flow "Browser" and click "Copy". Give the copy a descriptive name, for example "browser rbac".
4. In the row "Browser Rbac Forms", add a new sub-flow with the following settings:
   Alias = check user roles
   Description = Check user's roles and deny access if user isn't granted access to APPUiO Cloud
   Flow Type = generic
5. Change the new "Check User Roles" sub-flow to type
6. On the "Check User Roles" sub-flow, add an execution to the flow with:
   Provider = Condition - User Role
7. Configure the new "Condition - User Role" execution with the following settings:
   Alias = check-user-role
   User role = appuio-zone-access
   Negate output = ON (1)
8. Add a new execution to deny access to users who didn’t break out of the sub-flow:
   Provider = Deny access
9. Mark both executions in the "Check User Roles" sub-flow as

(1) We negate the output of the "Condition - User Role" execution so that users who have the specified role fail the condition and break out of the sub-flow, while users without the role satisfy the negated condition and continue to the "Deny access" execution.
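To verify that a realm still matches the flow built above (for example after someone edits it in the admin console), here is an added Python check that is not part of this guide or of APPUiO's tooling. It reads a Keycloak realm export, the sample below is constructed, and assumes Keycloak's provider ids conditional-user-role and deny-access-authenticator, the config keys condUserRole and negate, and that the sub-flow is of type Conditional with both executions Required.

```python
import json

# Constructed sample of the relevant part of a Keycloak realm export
# (as produced by a partial export); not a real APPUiO IdP export.
SAMPLE_EXPORT = json.loads(r'''{
  "authenticationFlows": [
    {"alias": "check user roles", "topLevel": false,
     "authenticationExecutions": [
       {"authenticator": "conditional-user-role", "requirement": "REQUIRED",
        "priority": 10, "authenticatorFlow": false, "authenticatorConfig": "check-user-role"},
       {"authenticator": "deny-access-authenticator", "requirement": "REQUIRED",
        "priority": 20, "authenticatorFlow": false}
     ]},
    {"alias": "browser rbac forms", "topLevel": false,
     "authenticationExecutions": [
       {"authenticatorFlow": true, "flowAlias": "check user roles",
        "requirement": "CONDITIONAL", "priority": 30}
     ]}
  ],
  "authenticatorConfig": [
    {"alias": "check-user-role",
     "config": {"condUserRole": "appuio-zone-access", "negate": "true"}}
  ]
}''')

def check_rbac_flow(export, subflow="check user roles", role="appuio-zone-access"):
    """Return a list of findings; an empty list means the flow matches the guide."""
    findings = []
    flows = {f["alias"]: f for f in export.get("authenticationFlows", [])}
    configs = {c["alias"]: c.get("config", {}) for c in export.get("authenticatorConfig", [])}
    # 1. The sub-flow must be referenced from its parent flow as CONDITIONAL,
    #    otherwise the role condition is never evaluated.
    refs = [e for f in flows.values() for e in f["authenticationExecutions"]
            if e.get("authenticatorFlow") and e.get("flowAlias") == subflow]
    if not refs:
        return [f"sub-flow '{subflow}' is not referenced by any flow"]
    if any(r.get("requirement") != "CONDITIONAL" for r in refs):
        findings.append(f"sub-flow '{subflow}' is not marked CONDITIONAL")
    # 2. Exactly the two executions from the guide, in order, both REQUIRED.
    execs = sorted(flows.get(subflow, {}).get("authenticationExecutions", []),
                   key=lambda e: e.get("priority", 0))
    kinds = [e.get("authenticator") for e in execs]
    if kinds != ["conditional-user-role", "deny-access-authenticator"]:
        findings.append(f"unexpected executions in '{subflow}': {kinds}")
    for e in execs:
        if e.get("requirement") != "REQUIRED":
            findings.append(f"{e.get('authenticator')} is {e.get('requirement')}, not REQUIRED")
    # 3. The condition must name the access role and be negated (see callout 1).
    cond = next((e for e in execs if e.get("authenticator") == "conditional-user-role"), None)
    cfg = configs.get(cond.get("authenticatorConfig", ""), {}) if cond else {}
    if cfg.get("condUserRole") != role:
        findings.append(f"condition checks role {cfg.get('condUserRole')!r}, expected {role!r}")
    if cfg.get("negate") != "true":
        findings.append("condition output is not negated, so users WITH the role would be denied")
    return findings
```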