You can configure identity federation if you want to use the groups and users of another system, such as Active Directory, OpenLDAP, or Oracle Directory Server. This integrates your existing user and group management into the StorageGRID system, so your employees can access plusserver S3 with their familiar credentials instead of managing a separate set. Not only does this simplify administration, it also improves the security and user-friendliness of your plusserver S3 environment.
Our documentation will guide you through the process of setting up identity federation so you can quickly benefit from the advantages of this integration.
Now you are able to use identity federation.
To grant appropriate permissions to your users, you need to create a group first. Follow these steps:
By following these steps, you define an identity federation group derived from your identity federation. This group will serve as the central mechanism to assign users the appropriate access permissions to your resources.
If you create and manage users and groups via identity federation, you must reference those federated users and groups explicitly in your bucket or group policies; a policy only grants what it names.
Here is an example of a bucket policy that grants access to only a specific user:
{
  "Version": "2012-10-17",
  "Id": "UserBucketPolicy",
  "Statement": [
    {
      "Sid": "AllowUserAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT_ID:user/USERNAME"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME",
        "arn:aws:s3:::BUCKET_NAME/*"
      ]
    },
    {
      "Sid": "DenyOtherAccess",
      "Effect": "Deny",
      "NotPrincipal": {
        "AWS": "arn:aws:iam::ACCOUNT_ID:user/USERNAME"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME",
        "arn:aws:s3:::BUCKET_NAME/*"
      ]
    }
  ]
}
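Two things are worth checking before a policy like the one above goes live: the Allow statement grants every S3 action (s3:*) rather than just the operations the user needs, and a Deny with NotPrincipal applies to every principal not listed, which in AWS-style policy evaluation includes the tenant's own administrative identity unless that identity is also listed. The following Python script is an added example, not part of the original page or of plusserver's or NetApp's tooling. It lints the page's policy for both issues and then generates a tightened variant with an explicit action list and an owner exemption. The owner ARN (OWNER_ARN) and the tenant administrator principal it stands for are assumptions; the bucket, account and user placeholders are the page's own.

```python
import json

# Bucket policy from the page, with its placeholders kept as-is.
PAGE_POLICY = """{
  "Version": "2012-10-17",
  "Id": "UserBucketPolicy",
  "Statement": [
    {"Sid": "AllowUserAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::ACCOUNT_ID:user/USERNAME"},
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::BUCKET_NAME", "arn:aws:s3:::BUCKET_NAME/*"]},
    {"Sid": "DenyOtherAccess", "Effect": "Deny",
     "NotPrincipal": {"AWS": "arn:aws:iam::ACCOUNT_ID:user/USERNAME"},
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::BUCKET_NAME", "arn:aws:s3:::BUCKET_NAME/*"]}
  ]
}"""

# Assumed (hypothetical) ARN of the tenant's own administrative principal.
OWNER_ARN = "arn:aws:iam::ACCOUNT_ID:root"


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principals_of(statement, key):
    """Return the principal identifiers under Principal or NotPrincipal."""
    element = statement.get(key)
    if element is None:
        return []
    if element == "*":
        return ["*"]
    if isinstance(element, dict):
        found = []
        for ids in element.values():
            found.extend(_as_list(ids))
        return found
    return _as_list(element)


def lint_bucket_policy(policy, owner_arn):
    """Return human-readable findings for a bucket policy (JSON text or dict)."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        effect = stmt.get("Effect")
        actions = _as_list(stmt.get("Action", []))
        if effect == "Allow":
            if "*" in principals_of(stmt, "Principal"):
                findings.append(f"{sid}: Allow applies to every principal, including anonymous requests")
            if any(a in ("*", "s3:*") for a in actions):
                findings.append(f"{sid}: Allow grants all S3 actions; restrict to the operations the user needs")
        if effect == "Deny" and "NotPrincipal" in stmt:
            if owner_arn not in principals_of(stmt, "NotPrincipal"):
                findings.append(f"{sid}: Deny/NotPrincipal does not exempt {owner_arn}; "
                                "confirm the tenant administrator can still manage the bucket")
    return findings


def build_user_policy(bucket, user_arn, actions, owner_arn):
    """Tightened variant: explicit action list, and the owner exempted from the Deny."""
    resources = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {
        "Version": "2012-10-17",
        "Id": "UserBucketPolicy",
        "Statement": [
            {"Sid": "AllowUserAccess", "Effect": "Allow",
             "Principal": {"AWS": user_arn},
             "Action": sorted(actions), "Resource": resources},
            {"Sid": "DenyOtherAccess", "Effect": "Deny",
             "NotPrincipal": {"AWS": [user_arn, owner_arn]},
             "Action": "s3:*", "Resource": resources},
        ],
    }


if __name__ == "__main__":
    for finding in lint_bucket_policy(PAGE_POLICY, OWNER_ARN):
        print("-", finding)
    tightened = build_user_policy("BUCKET_NAME", "arn:aws:iam::ACCOUNT_ID:user/USERNAME",
                                  ["s3:GetObject", "s3:PutObject", "s3:ListBucket"], OWNER_ARN)
    print(json.dumps(tightened, indent=2))
```

Run it against the page's policy and it reports two findings (the blanket s3:* grant and the missing owner exemption); the generated variant passes the same lint. Whether an explicit Deny really reaches the tenant's administrative identity depends on the S3 implementation, so treat that finding as a prompt to verify in a test bucket before applying the policy to production data.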