6.5.2 Access STSA Using SAMLRealm

This section provides information on managing users who can access STSA through an Identity Provider (IdP or IDP). The IdP acts as the Single Sign-On (SSO) service provider for implementations between STSA and Compliance Studio. With this configuration, users do not need to log in separately to each application.

An IdP is a service that stores, manages, and verifies users' digital identities. IdPs are cloud-hosted services, and they often work with SSO providers to authenticate users. An IdP checks user identities via username-password combinations and other factors, or it may simply provide a list of user identities that another Service Provider (like an SSO) checks.

The following are the ready-to-use roles that can access STSA using SAMLRealm. To integrate STSA with the IdP as the SSO provider, follow these steps:
  1. Create the following roles in the IDP System:
    For STSA:
    • IDNTYAUTH
    • MDLUSR
    • MDLREV
    • MDLAPPR
    • PMFADMIN
    • WKSPADMIN
    • DSUSRGRP
    • SIMULATIONUSR
    • AYCFGADMIN AY_CFG
    • PORTFOLIOADMIN
    • PROJECTADMIN
    • SCENARIOADMIN
    • METRICSADMIN
    • PROCESSADMIN
    • VARIABLEADMIN
    • CONFIGADMIN
    For STSA:
    • IDNTYADMN
    • IDNTYAUTH
    • MDLREV
    • MDLAPPR
    • MDLBATCHUSR
    • WKSPADMIN
    • MDLUSR
    • DSUSRGRP
    • DSREDACTGRP
    • GRPADMIN
    • GRPUSR

    Note:

    The IDNTYADMN role is required only if you need Admin access.
  2. Map the user groups to the respective users based on the user roles. The default permissions mapped to these users are available in the Permission section. However, these permissions can be added or modified.

    Note:

    It is recommended to use AAIRealm or SAMLRealm.