Subsections of Security
LDAP Integration
This section helps you to configure your LDAP server. LDAP is the Lightweight Directory Access Protocol. It’s a hierarchical organization of Users, Groups, and Organizational Units - which are containers for users and groups. Every object has it’s own unique path to it’s place in the directory - called a Distinguished Name, or DN.
Manage the LDAP settings by navigating to Administration → Security → LDAP Configuration.
Note
You need to restart the backend application to fully apply the changes.
LDAP configuration
The following settings are available:
Server Details
| Setting | Description | Example |
|---|---|---|
| Server URL | FQDN/IP of the LDAP server | ldap.example.com |
| Port URL | The port of your LDAP server. | 389 |
| Method | The authentication method. | simple / simple_tls / start_tls |
| Admin DN | Used only with search authentication method. It is the DN of the user who will bind to the LDAP server to perform the search. | uid=serviceboard,cn=users,cn=accounts,dc=int,dc=serviceboard,dc=io |
| Password | Password used to authenticate to your LDAP server. |
User Search & Filters
Note
Only direct group members are synchronized (indirect membership is currently not supported).
Info
User accounts are created in Serviceboard on the first authentication to Serviceboard. If a user object is not returned by LDAP configuration, it is disabled automatically.
Info
First name, last name and line manager is updated automatically on every user authentication if there is any change to those attributes.
| Setting | Description | Example |
|---|---|---|
| User Search Base | User search base for filtering users. | cn=accounts,dc=int,dc=serviceboard,dc=io |
| Group membership | Enable if the authenticated user must be a member of a specific group(s). | Group Search Base: cn=groups,cn=accounts,dc=int,dc=dostack,dc=io Group Membership Attribute: member Group DN: cn=serviceboard-users,cn=groups,cn=accounts,dc=int,dc=dostack,dc=io |
| Attributes | Enable if the authenticated user should meet a certain criteria, | Attribute: objectClass Value: inetOrgPerson |
| Attribute presence | Enable if the authenticated user should contain a specific attributes. | Attribute: mail |
User Attribute Mappings
| Setting | Description | Example |
|---|---|---|
| Username | User attribute of the username. | uid |
| First Name | User attribute of the first name. | givenName |
| Last Name | User attribute of the last name. | sn |
| User attribute of the email. | ||
| Manager | User attribute of the line manager. | manager |
Groups Synchronization
Info
Groups are fetched from LDAP automatically. If a group is not returned by LDAP configuration, it is disabled automatically. Members (users) of are automatically added unless they have not authenticate to Serviceboard yet.
| Setting | Description | Example |
|---|---|---|
| Group Search Base | Group search base for filtering groups. | cn=groups,cn=accounts,dc=int,dc=serviceboard,dc=io |
| Group Filter | Filter for filtering groups. | |
| Name | Group attribute of the name. | name |
| Description | Group attribute of the description. | description |
| Members | UGroup attribute of the members. | member |
Test Connection
Tests ability to connect to your LDAP server. Also tests ability to authenticate test-user and shows result of mapping-test-user’s meta-data. You need to save the LDAP configurations above in order to test it. Note: test-user credentials are not saved in DB.
Users
User management section helps you to view and manage users by navigating to Administration → Security → Users.
Serviceboard provides roles model to empower users to perform certain actions. The following roles are available:
Info
Exactly one role can be assigned to a single user.
- Admin - Can manage permissions across the entire organization and other administrative functions available.
- Project Creator - Can create and manage owned enterprise projects.
- User - Can log in to the application, browse non restricted enterprise projects, manage projects with privileged access and consume available services.
Role can be changed from the user detail page.
Groups
Group management section helps you to view and manage groups for your organization by navigating to Administration → Security → Groups.
If you enabled the groups sync from LDAP, they will be automatically fetched and made available in Serviceboard. However, you also can create internal groups directly in Serviceboard.
Info
Groups are typically used for more efficient restriction of individual services or bundles or to manage enterprise projects.
Secrets
Secrets are used to authenticate to REST APIs of your integrations or external field inputs. Navigate to Administration → Security → Secrets to manage secrets.
Serviceboard currently supports the following secret types:
- Username/Password
- Token
- Bearer Token
Info
For increased security and better management, you may use an external secrets store, read more Secret Store