diff --git a/_unused_topics/identity-provider-provisioning-user-lookup-mapping.adoc b/_unused_topics/identity-provider-provisioning-user-lookup-mapping.adoc deleted file mode 100644 index 6d490d6ace..0000000000 --- a/_unused_topics/identity-provider-provisioning-user-lookup-mapping.adoc +++ /dev/null 
@@ -1,56 +0,0 @@ -// Module included in the following assemblies: -// -// * orphaned - -[id="identity-provider-provisioning-user-lookup-mapping_{context}"] -= Manually provisioning a user when using the lookup mapping method - -When using the `lookup` mapping method, user provisioning is done by an external system, via the API. -Typically, identities are automatically mapped to users during login. The 'lookup' mapping method automatically -disables this automatic mapping, which requires you to provision users manually. - - -.Procedure - -If you are using the `lookup` mapping method, use the following steps for each user after configuring -the identity provider: - -. Create an {product-title} User, if not created already: -+ ----- -$ oc create user ----- -+ -For example, the following command creates an {product-title} User `bob`: -+ ----- -$ oc create user bob ----- - -. Create an {product-title} Identity, if not created already. Use the name of the identity provider and -the name that uniquely represents this identity in the scope of the identity provider: -+ ----- -$ oc create identity : ----- -+ -The `` is the name of the identity provider in the master configuration, -as shown in the appropriate identity provider section below. -+ -For example, the following commands creates an Identity with identity provider `ldap_provider` and the identity provider user name `bob_s`. -+ ----- -$ oc create identity ldap_provider:bob_s ----- - -. Create a user/identity mapping for the created user and identity: -+ ----- -$ oc create useridentitymapping : ----- -+ -For example, the following command maps the identity to the user: -+ ----- -$ oc create useridentitymapping ldap_provider:bob_s bob ----- diff --git a/authentication/understanding-identity-provider.adoc b/authentication/understanding-identity-provider.adoc index 018ae85bc8..9c4a9a8f5f 100644 --- a/authentication/understanding-identity-provider.adoc +++ b/authentication/understanding-identity-provider.adoc 
@@ -78,3 +78,10 @@ include::modules/authentication-remove-kubeadmin.adoc[leveloffset=+1] include::modules/identity-provider-parameters.adoc[leveloffset=+1] include::modules/identity-provider-default-CR.adoc[leveloffset=+1] + +include::modules/identity-provider-provisioning-user-lookup-mapping.adoc[leveloffset=+1] + +[role="_additional-resources"] +.Additional resources +* link:https://access.redhat.com/solutions/6006921[How to create user, identity and map user and identity in LDAP authentication for `mappingMethod` as `lookup` inside the OAuth manifest] +* link:https://access.redhat.com/solutions/7072510[How to create user, identity and map user and identity in OIDC authentication for `mappingMethod` as `lookup`] diff --git a/modules/identity-provider-provisioning-user-lookup-mapping.adoc b/modules/identity-provider-provisioning-user-lookup-mapping.adoc new file mode 100644 index 0000000000..cfc6920f0a --- /dev/null +++ b/modules/identity-provider-provisioning-user-lookup-mapping.adoc 
@@ -0,0 +1,37 @@ +// Module included in the following assemblies: +// +// * authentication/understanding-identity-provider.adoc + +[id="identity-provider-provisioning-user-lookup-mapping_{context}"] += Manually provisioning a user when using the lookup mapping method + +Typically, identities are automatically mapped to users during login. The `lookup` mapping method disables this automatic mapping, which requires you to provision users manually. If you are using the `lookup` mapping method, use the following procedure for each user after configuring the identity provider. + +.Prerequisites + +* You have installed the {oc-first}. + +.Procedure + +. Create an {product-title} user: ++ +[source,terminal] +---- +$ oc create user +---- + +. Create an {product-title} identity: ++ +[source,terminal] +---- +$ oc create identity : +---- ++ +Where `` is a name that uniquely represents the user in the identity provider. + +. Create a user identity mapping for the created user and identity: ++ +[source,terminal] +---- +$ oc create useridentitymapping : +----
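Review bot: In the authentication/understanding-identity-provider.adoc hunk, the two new "Additional resources" link labels are full sentence-length titles with backticked `mappingMethod` and `lookup` inside the link text, and they differ only in LDAP versus OIDC. Consider shorter labels that lead with the distinguishing word, for example "Provisioning users for LDAP with the lookup mapping method" and the OIDC equivalent, so a reader can tell the two apart at a glance. The block also follows the new include directly at the end of the assembly, so confirm it renders under the provisioning module as intended and not as a resource list for the whole assembly.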
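Review bot: In the new modules/identity-provider-provisioning-user-lookup-mapping.adoc, the Prerequisites list names only the CLI install, yet all three procedure steps create user, identity and useridentitymapping objects, which an ordinary account cannot do. Add a prerequisite stating the access required, for example that you are logged in as a user with the cluster-admin role. Step 2 also explains only one half of the colon-separated argument: the deleted _unused_topics version said the first part is the name of the identity provider as it appears in the configuration, and it carried the worked `bob` / `ldap_provider:bob_s` examples. With `lookup` nothing is mapped automatically, so a mismatch in either half leaves the user unable to log in; restoring that sentence and one example would make the procedure harder to get wrong. The rewritten intro likewise drops the earlier statement that provisioning is done by an external system through the API, which is worth keeping if it is still accurate.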