
Configure Application Access Control Using Other Identity Providers

MATLAB® Production Server™ integrates with several OAuth 2.0 providers for application access control. Application access control lets server administrators restrict access to deployed applications to only certain users or groups of users. To enable application access control, configure an identity provider and specify access control policy rules, in consultation with the OAuth 2.0 provider administrator.

Register Application with Identity Provider

To use an identity provider for application access control, register an application with the identity provider. Consult the identity provider administrator to register the application.

Configure Identity Provider in Dashboard

After you register the application with the identity provider, create a configuration for the identity provider in the Application Access Control tab of the dashboard. Click Create and select Other. In Create Identity Provider for Application Access Control, enter application-specific and identity provider-specific values. Click Create. If the server is running on a Windows® virtual machine, saving the values can take up to 30 seconds.

The following table describes the values that you must enter.

| Field | Value |
|-------|-------|
| Name | Name for your identity provider. |
| App ID | Intended recipient of the JWT. The recipient helps in validating the aud claim in the JWT. |
| JWT Issuer | JWT issuer metadata of the identity provider. The metadata string must match the iss claim in the JWT. |
| JWKS URI | URI to retrieve the JSON Web Key Set (JWKS). |

Under Create Identity Provider for Application Access Control, you have the option to provide values other than the defaults for UserAttribute ID and GroupAttribute ID. UserAttribute ID is the JWT claim name that uniquely identifies a user. GroupAttribute ID is the JWT claim name that lists the groups that a user belongs to. Depending on the identity provider you use, you might have to change the defaults.
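Before entering these values, it helps to compare a sample token from the identity provider with what you plan to configure. The following check is an added example, not MathWorks code: it decodes the payload without verifying the signature against the JWKS URI, so it is a configuration diagnostic only. The function names, the claim names sub, roles and groups, the exact string comparison for iss, and all sample values are assumptions made for illustration.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def check_against_config(claims, app_id, jwt_issuer, user_attr, group_attr):
    """List mismatches between token claims and the planned dashboard values."""
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # RFC 7519: string or array
    if app_id not in audiences:
        problems.append(f"aud {aud!r} does not contain App ID {app_id!r}")
    if claims.get("iss") != jwt_issuer:  # assumed exact match: a trailing slash counts
        problems.append(f"iss {claims.get('iss')!r} != JWT Issuer {jwt_issuer!r}")
    if not isinstance(claims.get(user_attr), str) or not claims[user_attr]:
        problems.append(f"user claim {user_attr!r} missing or empty")
    if group_attr not in claims:
        problems.append(f"group claim {group_attr!r} missing")
    return problems

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token (placeholder signature) so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Constructed sample values; none come from a real identity provider.
SAMPLE = make_sample_token({
    "iss": "https://idp.example.com/", "aud": ["mps-app-id"],
    "sub": "alice", "roles": ["analysts"],
})

if __name__ == "__main__":
    for p in check_against_config(decode_claims(SAMPLE), "mps-app-id",
                                  "https://idp.example.com", "sub", "groups"):
        print("MISMATCH:", p)
```

With the sample values, the check reports an issuer mismatch caused by the missing trailing slash and a missing groups claim, because this constructed token carries group membership in roles.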

Specify Access Control Policy Rules

Specify the applications that certain users or user groups can access by defining access control policy rules. To define a rule, click Add Rule under Access Control Policy in the Application Access Control tab of the dashboard. Then, specify the following information.

| Field | Value |
|-------|-------|
| Rule ID | Name for the rule. |
| Description | Description for your rule. |
| Users | User names set up in the identity provider that are allowed access to deployed applications. |
| Groups | Group IDs set up in the identity provider that are allowed access to deployed applications. |
| Applications | Applications that the specified users and groups can access. To select all applications, select Apply this rule to all applications. |

Enable Application Access Control

After you configure the identity provider and specify access control policy rules, you must enable dashboard access control by selecting the Yes option from the dashboard.

Application Access Control tab showing that access control is enabled

Generate Access Token

After you enable application access control, clients can generate a bearer token. Client programs can use third-party libraries for token generation. For a list of OAuth libraries, see OAuth libraries. Client programs use this bearer token in the HTTP authorization header when making a request to the server using the MATLAB Production Server RESTful API. The format for this header is Authorization: Bearer <access token>.
