skip to main content
Administering Hybrid Data Pipeline : Authentication : Advanced functionality for authentication services
  

Try Now

Advanced functionality for authentication services

Hybrid Data Pipeline supports the following advanced authentication functionality.
*Integrate multiple authentication services with a single user account
*Associate a group of users to a Hybrid Data Pipeline account using a wildcard
*Set a delimiter for the username credential

Integrate multiple authentication services with a single user account

Multiple authentication services can be integrated with a single Hybrid Data Pipeline user account. After the authentication services have been registered, administrators can configure a user account to use the registered services. In the following API request, an administrator associates a number of end users with a user account named odata_users with ID of 18. The internal_user uses the internal authentication mechanism. The other end users use separate authentication services as specified with the authServiceID property.
Note: You can also associate multiple services (and end users) with a user account through the Web UI. When creating or updating a user account, you can associate an external service with the account by clicking + Add Authentication Service under the Authentication Setup tab.
PUT https://MyServer:8443/api/admin/users/18/authinfo
{
"authUsers": [
{
"authUserName": "internal_user",
"authServiceId": 1
},
{
"authUserName": "odata_user_1",
"authServiceId": 21
},
{
"authUserName": "odata_user_2",
"authServiceId": 43
},
{
"authUserName": "odata_user_3",
"authServiceId": 89
}
]
}

Associate a group of users to a Hybrid Data Pipeline account using a wildcard

A wildcard can be used to associate a group of end users in an external authentication service with a user account. The only supported wildcard is *, which matches any and all names. In the following example, an administrator creates a user account called support_team and uses a wildcard to associate users in an external authentication service with this account.
Important: When a wildcard is used to associate end users with a user account, the Systems Configuration API must be used to implement a delimiter for the username credential as described in the next section.
POST https://MyServer:8443/api/admin/users
{
"userName": "support_team",
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00"
},
"permissions": {
"roles": [
1
]
},
"authenticationInfo": {
"authUsers": [
{
"authUserName": "internal_user2",
"authServiceId": 1
},
{
"authUserName": "*",
"authServiceId": 21
}
]
}
}

Set a delimiter for the username credential

A delimiter can be specified to require the inclusion of the name of the authentication service, as well as the name of the end user when passing the username credential. A delimiter must be used whenever the wildcard is used to associate names from an external authentication service with a user account. A delimiter should also be required if there is a possibility of naming conflicts among end users from different external authentication services. In the following example, an administrator uses the Systems Configuration API to specify a delimiter.
Note: You can also set a delimiter from the System Configurations view using the Web UI. See System Configurations view for details.
PUT https://MyServer:8443/api/admin/configurations/1
{
"value": ":"
}
With this implementation, the username credential must take the form auth_user_name:auth_service_name (for example, user437:LDAP1).