User Provisioning

Since v6.2.5/3

For a user to access the HVR Hub, they must be present in the HVR Hub System. Normally, users are added manually through the HVR UI or CLI. User provisioning enables automatic addition of users to the HVR Hub System.

When user provisioning is enabled, users who do not already exist in the hub system are automatically added to the HVR Hub System when they successfully log in using an external authentication method (such as SAML, PAM, Plugin, or Windows). An external authentication method refers to a system outside of HVR that performs user login validation.

The newly added user automatically inherits the default permission defined for “all users” in the hub system. The default permission for “all users” is usually defined during the hub server setup or updated later using the Permissions tab on the System page in the HVR UI or using the hvrhubconfig and/or hvrreposconfig command in the CLI.

To view the current default permission defined for “all users”, go to the Permissions tab on the System page in the HVR UI or run the command hvrhubconfig All_User_Access and/or hvrreposconfig All_User_Access in the CLI.
To view the existing users in the HVR Hub System, go to the Users tab on the System page in the HVR UI or run the hvruserconfig command (without any options) in the CLI.

Enabling User Provisioning

User provisioning is disabled by default. To enable it, use the hvrreposconfig command to set the repository property User_Auto_Create to one of the supported external authentication methods: pam, plugin, saml, or windows.

For example, to set plugin as the authentication method:

hvrreposconfig User_Auto_Create=plugin

When User_Auto_Create is set, and a user who does not already exist in the hub system logs in successfully using the specified authentication method, the user is automatically added to the hub system with the same username and associated authentication method.

To use the saml authentication method, you must configure SSO for the HVR Hub.