Introduction
This document describes the default networking configuration for IAM Manager as well as common custom configurations.
Default Configuration
By default, IAM Manager starts up without authentication (admin_gui_auth), and it assumes that the Admin API is available on port 8001 (admin_api_port) of the same host that serves IAM Manager.
Custom Configuration
Common configurations to enable are:
- Serving IAM Manager from a dedicated IAM node
  When IAM Manager is on a dedicated IAM node, it must make external calls to the Admin API. Set admin_api_uri to the location of your Admin API.
- Securing IAM Manager through an IAM authentication plugin
  When IAM Manager is secured through an authentication plugin and not on a dedicated node, it makes calls to the Admin API on the same host. By default, the Admin API listens on ports 8001 and 8444 on localhost. Change admin_listen if necessary, or set admin_api_uri.
- Securing IAM Manager and serving it from a dedicated node
  When IAM Manager is secured and served from a dedicated node, set admin_api_uri to the location of the Admin API.
The table below summarizes which properties to set (or defaults to verify) when configuring IAM Manager connectivity to the Admin API.
authentication enabled | local API | remote API | auth settings |
---|---|---|---|
yes | admin_listen | admin_api_uri | admin_gui_auth, enforce_rbac, admin_gui_auth_conf |
no | admin_listen | admin_api_uri | n/a |
To enable authentication, configure the following properties:
- admin_gui_auth set to the desired plugin
- admin_gui_auth_conf (optional)
- enforce_rbac set to on
⚠️ When IAM Manager authentication is enabled, RBAC must be turned on to enforce authorization rules. Otherwise, whoever can log in to IAM Manager can perform any operation available on the Admin API.
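The check below is an added example, not code from the IAM documentation or product: it audits a configuration for the authentication and RBAC pairing described above and reports which property locates the Admin API. It assumes settings are written as "key = value" lines with whole-line "#" comments; the plugin name, URI and sample files are constructed placeholders.

```python
# Added example (not vendor code). Assumptions: settings are "key = value"
# lines, "#" starts a whole-line comment, and a repeated key overrides an earlier one.

# Constructed sample configurations; the plugin name and URI are placeholders.
AUTH_WITHOUT_RBAC = """
admin_gui_auth = example-auth-plugin
admin_api_uri = https://admin-api.example.internal:8444
"""
AUTH_WITH_RBAC = """
# hardened variant
admin_gui_auth = example-auth-plugin
enforce_rbac = on
"""


def parse_conf(text):
    """Return {property: value} from key = value lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return (findings, api_property): gaps found, and the property that locates the Admin API."""
    conf = parse_conf(text)
    findings = []
    if not conf.get("admin_gui_auth"):
        findings.append("admin_gui_auth unset: IAM Manager starts without authentication")
        if conf.get("admin_gui_auth_conf"):
            findings.append("admin_gui_auth_conf set but admin_gui_auth selects no plugin")
    elif conf.get("enforce_rbac", "").lower() != "on":
        # Anything other than an exact "on" is reported, so a malformed value fails closed.
        findings.append("enforce_rbac not on: any logged-in user can perform any Admin API operation")
    # A remote Admin API is located by admin_api_uri, a local one by admin_listen.
    api_property = "admin_api_uri" if conf.get("admin_api_uri") else "admin_listen"
    return findings, api_property


if __name__ == "__main__":
    for name, sample in [("without RBAC", AUTH_WITHOUT_RBAC), ("with RBAC", AUTH_WITH_RBAC)]:
        findings, api_property = audit(sample)
        print(name, "-> verify", api_property, "| findings:", findings or "none")
```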
Configuring IAM Manager to Send Email
A Super Admin can invite other Admins to register in IAM Manager, and Admins can reset their passwords using “Forgot Password” functionality. Both of these workflows use email to communicate with the user.
Emails from IAM Manager require the following configuration:
⚠️ Important: IAM does not check for the validity of email addresses set in the configuration. If the SMTP settings are configured incorrectly, e.g. if they point to a non-existent email address, IAM Manager will not display an error message.
In addition, refer to the general SMTP configuration shared by IAM Manager and Dev Portal.