Main Content

Application Access Control

MATLAB® Production Server™ integrates with OAuth 2.0 providers such as Microsoft® Azure® Active Directory (Azure AD), Google® Identity, and PingFederate® from Ping Identity®, and uses JSON Web Tokens (JWTs) for application access control. Application access control lets server administrators restrict user access to applications or archives deployed to the server.

Note

Application access control is only available for clients that make server requests using the MATLAB Production Server RESTful API.

All users can access all applications by default.

To enable access control, configure the identity provider and define access control policy rules in the Application Access Control tab of the MATLAB Production Server dashboard. Use the access control policy rules to specify which users and groups of users have permission to execute deployed applications. After you enable access control, clients can generate a bearer access token that they must send with every server request. The server uses the bearer token to verify the identity of a client.

You must log in to the dashboard as an administrator or manager to configure application access control. For more information about the dashboard user roles, see Dashboard Access Control.

Configure Identity Provider and Specify Access Control Policy Rules

To configure an identity provider, register an application with the identity provider. Then, specify application-specific values and access control policy rules in the dashboard. The fields required to configure an identity provider vary based on the identity provider that you use.

For information about configuring specific identity providers and rules, see:

Enable Application Access Control

After you configure the identity provider and specify access control policy rules, you must enable application access control from the dashboard.

Application access control tab with the option to enable access control selected

Generate Access Token

After you enable application access control, clients can generate a bearer token. Client programs can use third-party libraries for token generation. For a list of OAuth libraries, see OAuth libraries. Client programs use this bearer token in the HTTP authorization header when making a request to the server using the MATLAB Production Server RESTful API. The format for this header is Authorization:Bearer <access token>.

Related Topics