A group defines a particular set of users and/or external identities. Smart API Manager uses groups to manage and control access to Smart APIs.
Access to Smart APIs is always managed at the group level.
Thus, giving a group permission to access a Smart API is a common workflow. At the same time, you can also manage claims, which are name/value pairs passed to a Smart API whenever a member of a group calls a Smart API.
Smart API Manager knows the supported claims for each Smart API (via Smart API registration). So, when you give a group access to a Smart API, the supported claims are available. You simply select which claims you want to pass and specify their value(s).
A group can have:
-
Access to one or more Smart APIs.
-
A different level of access to each Smart API.
-
Any combination of:
-
Individual or group identities originating from an external identity provider.
-
Individual users defined in Smart API Manager itself.
-
Group setup
There are three tasks required to initially set up groups:
Here are some sample goals related to Smart APIs and how groups are used to accomplish these goals:
Goal |
Group Setup Tasks Required |
---|---|
Configure the first set of users for a Smart Client. |
|
Expand an existing Smart Client for use in a new project office. |
Add identities for members from the new project office to the existing group that is authorized to use the Smart API called by the Smart Client. Alternately, if the existing group is authorized to use Smart APIs that are not related to the Smart Client, then you might need to complete all the steps so that the security of the other Smart APIs is maintained:
|
Give new employees access to the Smart Client their team uses for day-to-day work. |
Add the user, or identity representing the user, to the same group authorized to access the Smart APIs called by the Smart Client. |
Group administration
After a group is set up, administration tasks help you meet the ongoing access and security needs of your company.
To Change |
See These Administration Tasks |
---|---|
Membership |
|
Access to individual Smart APIs |
|
Access to all Smart APIs |
|
Claim values, which are used to determine the type and level of access users in the group have for individual Smart APIs |
|
Name |
If you do not know which group you need to modify, start with Find a group.