User Managers
In JMap Admin, the user manager configuration can be accessed by clicking on Users / Groups in the JMap Server section. Select the User manager tab.
The user manager allows you to define how JMap will manage user accounts and groups. There are two ways to manage this information with JMap:
Using the JMap user account database you create and delete the user accounts directly from JMap Admin;
By connecting to an existing database of user accounts such as a Windows Active Directory system, an LDAP compatible system or a relational database or by connecting to an identity manager using protocols such as SAML2 or Open Id Connect.
Several systems can also be combined to be used simultaneously (e.g. the JMap database and Windows Active Directory). These systems are then used as a single system. When JMap Server connects to an existing database, user account management is simplified because no account or user group needs to be created and managed in JMap.
The following sections describe each available option.
Synchronizing user permissions
When you connect to a user or identity manager that is external to JMap (Active Directory, LDAP, OIDC, SAML2 or an external relational database), it is useful to synchronize JMap Server with the database for 2 reasons :
When users or groups are deleted from the database and those deleted users or groups had been given permissions in JMap (e.g. to open a project or view certain layers), the permissions are not deleted from JMap Server permission lists. This can happen because JMap Server is not aware the users or groups have been deleted from the database. When synchronizing, JMap Server removes all existing permissions for deleted users and groups. However, even if you don’t synchronize, there is no security problem because deleted users will fail at login.
When the contents of user groups are modified (members added or removed), so that JMap Server can reload the lists of users that belong to the groups. JMap Server keeps the group member lists in memory for performance reasons.
You can automate the synchronization by selecting the option Synchronize automatically every… and specifying a time period.
Dernière mise à jour