As per my understanding you are trying to setup custom identity provider and looking for the group-based access in MATLAB WebApp Server.
For group-based access control in your Web App Server with your custom identity provider, ensure that the identity provider includes group membership information as claims in the authentication token. This can typically be done through claims like "groups" or "roles" in the token.
Example claim in the token:
{
"groups": ["Marketing", "Development"]
}
There are couple of ways to achieve this:
Role-Based Access is more about manage apps (e.g., upload/delete apps using MATLAB webapps server page)
Policy-Based Access provides fine-grain access control to certain apps (or apps under a folder), such as run/modify apps.
Upon receiving the token, your Web App Server should check the "groups" claim to determine the user's group memberships. You can then map these groups to specific roles or policies within your application. For instance, you can refer the following segment form the “webapps_authn.json” configuration:
- for role based access control:
{
"id": "User",
"description": "A User can only execute web apps.",
"groups": {
"memberOf": ["CN=Marketing,OU=Mail,DC=ldap,DC=myboston,DC=com", "CN=Development,OU=Mail,DC=ldap,DC=myboston,DC=com"]
}
}
- for policy - based access control:
"subject": {
"memberOf": ["CN=Marketing,OU=Mail,DC=ldap,DC=myboston,DC=com", "CN=Development,OU=Mail,DC=ldap,DC=myboston,DC=com"]
}
You can refer to the following documentations for more details:
- Policy-Based Access - MATLAB & Simulink - MathWorks India
- Role-Based Access - MATLAB & Simulink - MathWorks India
Hope it helps!
