Creating custom user attributes
Create custom user attributes that you will use to authenticate users. You can use the P1AS Customer Tenant Configuration Postman collection, or add the attributes manually.
If you’re using Postman
Steps
- Navigate to the first step in the collection: P1AS Customer Tenant Configuration → Tenant Configuration → Step 1. Create User Custom Attributes
- Drag and drop the step into the Run order window.
- Click Run and determine if issues exist.
If you’re creating attributes manually
Steps
- Go to Directory → User Attributes.
- Click the icon, select Declared as the attribute type, and click Next.
- Add the ArgoCD attribute:
  - In the Name field, enter `P1ASArgoCDRoles`.
  - In the Display Name field, enter `P1AS ArgoCD Roles`.
  - In the Description field, enter `P1AS app roles for ArgoCD`.
  - Select the Allow multiple values option.
  - Select the Enumerated values option and enter `argo-configteam` in the corresponding field.
  - Click Save.
- Add the Grafana attribute:
  - In the Name field, enter `P1ASGrafanaRoles`.
  - In the Display Name field, enter `P1AS Grafana Roles`.
  - In the Description field, enter `P1AS app roles for Grafana`.
  - Select the Allow multiple values option.
  - Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in Grafana roles.
    For example, if you want to provide Grafana editor access to the development environment, enter `dev-graf-editor` in the corresponding field. To set it up for production and staging environments, enter `prod-graf-editor` and `stage-graf-editor`.
  - Click Save.
- Add the Opensearch attribute:
  - In the Name field, enter `p1asOpensearchRoles`.
  - In the Display Name field, enter `P1AS Opensearch Roles`.
  - In the Description field, enter `P1AS app roles for Opensearch`.
  - Select the Allow multiple values option.
  - Select the Enumerated values option and enter `os-configteam` in the corresponding field.
  - Click Save.
- Add the PingAccess attribute:
  - In the Name field, enter `P1ASPingAccessRoles`.
  - In the Display Name field, enter `P1AS PingAccess Roles`.
  - In the Description field, enter `P1AS app roles for Grafana`.
  - Select the Allow multiple values option.
  - Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in PingAccess roles.
    For example, if you want to provide PingAccess admin access to the development environment, enter `dev-pa-admin` in the corresponding field. To set it up for production and staging environments, enter `prod-pa-admin` and `stage-pa-admin`.
  - Click Save.
- Add the PingFederate attribute:
  - In the Name field, enter `P1ASPingFederateRoles`.
  - In the Display Name field, enter `P1AS PingFederate Roles`.
  - In the Description field, enter `P1AS app roles for PingFederate`.
  - Select the Allow multiple values option.
  - Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in PingFederate roles.
    For example, if you want to provide PingFederate audit access to the development environment, enter `dev-pf-audit` in the corresponding field. To set it up for production and staging environments, enter `prod-pf-audit` and `stage-pf-audit`.
  - Click Save.
- Add the Prometheus attribute:
  - In the Name field, enter `P1ASPrometheusRoles`.
  - In the Display Name field, enter `P1AS Prometheus Roles`.
  - In the Description field, enter `P1AS app roles for Prometheus`.
  - Select the Allow multiple values option.
  - Select the Enumerated values option and enter `prom` in the corresponding field.
  - Click Save.
- Add the Self-Service attribute:
  - In the Name field, enter `p1asSelfServiceRoles`.
  - In the Display Name field, enter `P1AS Self-Service Roles`.
  - In the Description field, enter `P1AS app roles for Self-Service`.
  - Select the Allow multiple values option.
  - Select the Enumerated values option and enter the appropriate administrative role attribute mappings for each of your environments. You can find a complete list of available mappings in Self-Service roles.
    For example, if you want to provide TLS self-service admin access to the development environment, enter `dev-tls-admin` in the corresponding field. To set it up for production and staging environments, enter `prod-tls-admin` and `stage-tls-admin`.
  - Click Save.
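The following Python check is an added example, not part of the original documentation: it audits user records against the attributes declared in the steps above, flagging attribute names that differ only in case (two of the names start with lowercase `p1as`), values outside the enumeration, and single strings where a multivalued list is expected. The record layout, the `SAMPLE_USERS` data, and the function names are assumptions, and `DECLARED` contains only the enumerated values shown on this page.

```python
# Added example: audit user records against the attributes declared on this page.
# DECLARED holds only the enumerated values shown above; extend it to match your tenant.
DECLARED = {
    "P1ASArgoCDRoles": {"argo-configteam"},
    "P1ASGrafanaRoles": {"dev-graf-editor", "prod-graf-editor", "stage-graf-editor"},
    "p1asOpensearchRoles": {"os-configteam"},
    "P1ASPingAccessRoles": {"dev-pa-admin", "prod-pa-admin", "stage-pa-admin"},
    "P1ASPingFederateRoles": {"dev-pf-audit", "prod-pf-audit", "stage-pf-audit"},
    "P1ASPrometheusRoles": {"prom"},
    "p1asSelfServiceRoles": {"dev-tls-admin", "prod-tls-admin", "stage-tls-admin"},
}
# Case-insensitive lookup so that near-miss attribute names can be detected.
BY_LOWER = {name.lower(): name for name in DECLARED}


def audit_user(user):
    """Return a sorted list of (attribute, problem) findings for one user record."""
    findings = []
    for attr, values in user.items():
        canonical = BY_LOWER.get(attr.lower())
        if canonical is None:
            continue  # not one of the P1AS role attributes
        if attr != canonical:
            findings.append((attr, f"name differs in case from {canonical}"))
            continue
        if isinstance(values, str):
            findings.append((attr, "single string, expected a list (multivalued)"))
            values = [values]
        for v in values:
            if v not in DECLARED[canonical]:
                findings.append((attr, f"value {v!r} not in enumerated values"))
    return sorted(findings)


def audit_all(users):
    """Map each username to its findings (an empty list means the record is clean)."""
    return {u["username"]: audit_user(u) for u in users}


# Constructed sample records (assumed layout: attribute name -> list of values).
SAMPLE_USERS = [
    {"username": "alice", "P1ASGrafanaRoles": ["dev-graf-editor"], "P1ASPrometheusRoles": ["prom"]},
    {"username": "bob", "P1ASOpensearchRoles": ["os-configteam"]},       # wrong case
    {"username": "carol", "P1ASPingFederateRoles": ["dev-pf-audti"]},    # typo in value
    {"username": "dave", "P1ASArgoCDRoles": "argo-configteam"},          # not a list
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_USERS).items():
        print(name, findings or "ok")
```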