RiskVision can be configured to use an external directory to authorize access. By default, even if the Authentication connector has been established and configured correctly, only RiskVision users can access the RiskVision console.
You can import users from the external directory into RiskVision, or you can configure RiskVision to automatically create users based on information in the external directory whenever a user first logs in to RiskVision. As usual, there is a trade-off between convenience and security. Requiring that users be manually imported is more secure than creating users automatically.
If you want to allow a user to configure the external authorization, you should assign the System User Manage permission. This permission is assigned to the default Administrator role in RiskVision.
To configure authorization policy:
- In the Administration application, go to Administration > SAML Configuration and click the Authentication tab.
- Click Edit at the upper-right corner.
To automatically create RiskVision users when externally-authorized users first log in, choose No for the Allow only RiskVision usersquestion.
To limit logins to pre-existing RiskVision users only, choose Yes for the Allow only RiskVision usersquestion. Choose Yes if you do not plan to use an external directory, or if you plan to import users from the external directory manually.
- Click Save to update the configuration, or Cancel to exit without saving changes.