Main Content

Configure Dashboard Access Control Using Other OpenID Connect Providers

MATLAB® Production Server™ Dashboard supports the use of any OpenID Connect (OIDC) identity provider for role-based access control for the dashboard. Role-based access control allows server administrators to grant access to specific areas of the dashboard to certain users or groups of users. For more information about the roles that the dashboard supports, see Dashboard Access Control.

To enable dashboard access control, configure the OIDC provider and specify dashboard access control policies, in consultation with the OIDC provider administrator.

Configure Identity Provider

To configure an identity provider:

  1. Log in to the dashboard to retrieve the redirect URI of the dashboard.

  2. At the identity provider's website, use the redirect URI to register the dashboard as a client application with the provider.

  3. In the dashboard, enter values specific to the registered application and identity provider.

Retrieve Redirect URI from Dashboard

To retrieve the redirect URI, start creating a configuration for your identity provider in the dashboard:

  1. Navigate to either the Dashboard Access Control tab or the Manage Identity Providers tab.

  2. Click Create and select Other.

  3. In Create Identity Provider for Dashboard Access Control, note the redirect URI of the dashboard.

    Later, you return to this view to specify the values required to configure your identify provider in the dashboard.

Register Application with Identity Provider

Register an application with the OIDC provider for MATLAB Production Server Dashboard. Consult the OIDC provider administrator to register the application. When registering the application, provide the redirect URI of the MATLAB Production Server Dashboard.

Specify Values in Dashboard

After you register the application with the identity provider, you receive application-specific values such as the client ID and client secret. Enter the values in the dashboard under Create Identity Provider for Dashboard Access Control.

The following table describes the values that you must enter. Click Create after you enter the values.

FieldDescription
Client IDApplication ID of the registered client application
Client SecretClient secret of the registered client application
OIDC IssuerDiscovery endpoint URI of the OIDC provider
JWT IssuerJWT issuer metadata of the OIDC provider
JWKS URIURI to retrieve the JSON Web Key Set (JWKS)

Under Create Identity Provider for Dashboard Access Control, you have the option to provide values other than the defaults for UserAttribute ID and GroupAttribute ID. UserAttribute ID is the JWT claim name that uniquely identifies a user. GroupAttribute ID is the JWT claim name that lists the groups that a user belongs to. Depending on the identity provider you use, you might have to change the defaults.

Specify Dashboard Access Control Policy

Before you can specify dashboard access control policies, you must have users, and if applicable, groups, set up in the identity provider. Consult the OIDC provider administrator for this setup.

The access control policies define areas of the dashboard that users or groups of users can access and tasks that they can perform in these areas.

  1. On the Dashboard Access Control tab of the dashboard, select the identity provider that you want to use.

  2. In the Dashboard Access Control Policy section, enter identity provider specific user names and group IDs to assign manager and application author roles to users or groups of users in your organization. Use a comma to separate multiple user names or group IDs. Click Save after you enter the values.

    For example, in the following illustration, the users alice@yourcompany.com and bob@yourcompany.com have the manager role. The user trent@yourcompany.com and all users that belong to group ID 1hui5f1a-0bc8-ioa9-afdc-cea5098005ab have the application author role.

Role settings on the dashboard access control policy tab

Enable Dashboard Access Control

After you configure the identity provider and specify access control policies, you must enable dashboard access control by selecting the Yes option. After enabling dashboard access control, a dashboard login URL that supports single sign-on (SSO) becomes available. Share this URL with managers and application authors.

Dashboard Access Control tab showing the access enabled and the URL to share

Related Topics