Groups - Intergraph Smart API Manager - 5.0 - Help

Intergraph Smart API Manager Help
Language
English
Product
Intergraph Smart API Manager
Search by Category
Help
Smart API Manager Version
5.0

A group defines a particular set of users and/or external identities. Smart API Manager uses groups to manage and control access to Smart APIs.

Access to Smart APIs is always managed at the group level.

Thus, giving a group permission to access a Smart API is a common workflow. At the same time, you can also manage claims, which are name/value pairs passed to a Smart API whenever a member of a group calls a Smart API.

Smart API Manager knows the supported claims for each Smart API (via Smart API registration). So, when you give a group access to a Smart API, the supported claims are available. You simply select which claims you want to pass and specify their value(s).

A group can have:

  • Access to one or more Smart APIs.

  • A different level of access to each Smart API.

  • Any combination of:

    • Individual or group identities originating from an external identity provider.

    • Individual users defined in Smart API Manager itself.

Group setup

There are three tasks required to initially set up groups:

  1. Register a new group

  2. Add a user or identity to a group

  3. Give a group access to a Smart API

Here are some sample goals related to Smart APIs and how groups are used to accomplish these goals:

Goal

Group Setup Tasks Required

Configure the first set of users for a Smart Client.

  1. Register a new group.

  2. Add the user, or identity representing the user, to the group. For example, add the developers and tester working on the Smart Client.

  3. Authorize the group to use the Smart API that is called by the Smart Client.

Expand an existing Smart Client for use in a new project office.

Add identities for members from the new project office to the existing group that is authorized to use the Smart API called by the Smart Client.

Alternately, if the existing group is authorized to use Smart APIs that are not related to the Smart Client, then you might need to complete all the steps so that the security of the other Smart APIs is maintained:

  1. Register a new group.

  2. For each member of the project office, add their user identity to the new group.

  3. Authorize the new group to use the Smart API called by the existing Smart Client.

Give new employees access to the Smart Client their team uses for day-to-day work.

Add the user, or identity representing the user, to the same group authorized to access the Smart APIs called by the Smart Client.

Group administration

After a group is set up, administration tasks help you meet the ongoing access and security needs of your company.

To Change

See These Administration Tasks

Membership

Remove a user from a group

Add an external identity user to a group

Add a local user to a group

Change an external identity

Access to individual Smart APIs

Disable a Smart API for a group

Enable a Smart API for a group

Remove group access to a Smart API

Give a group access to a Smart API

Access to all Smart APIs

Disable a group

Enable a group

Remove a group

Register a new group

Claim values, which are used to determine the type and level of access users in the group have for individual Smart APIs

Configure API claims for a group

Name

Change the name of a group

If you do not know which group you need to modify, start with Find a group.