Identity and Access
RapidMiner comes with a handy Identity and Access Management component which provides administrators with control over user authentication and authorization.
Here we cover the steps that need to be taken before end-users of an organization can start using RapidMiner, as well as more advanced topics such as federated identity and fine-grained role-based authorization.
Initial setup
When we provision access to RapidMiner for an organization, we provide their administrators with an initial login to our Identity and Access component. This is a special user which does not have access to the platform itself. Its purpose is to create or federate users who will in turn have access to the platform.
First, our customer success managers will reach out and share the initial credentials for this administrator login tied to your organization.
Use this to log in at the Identity and Access Management Console. You will be required to change your password on your first login.
Next, you can start provisioning users or configuring identity federation.
Basic user management
Let's cover basics next, such as creating new users, setting their (initial) passwords and assigning them roles so they can use the platform.
Creating users
First, log in to the Identity and Access Management Console with your special administrator user.
Click on Users, and on the Add User button.
Provide the user's name and email address.
After double-checking the email address, enable the Email Verified toggle.
Click Save.
Next, we have to create an initial password for the user. To do this, click on the Credentials tab.
Type a password and the password confirmation, then click Set Password.
tip
It is a good practice to create a temporary password, which will have to be changed by the user on their first successful login. If you wish to disable this for the current user, simply disable the Temporary toggle before setting the password.
Setting up access
We provide secure access using default settings according to the highest security standards.
For customers who need very specific security and login settings, we also provide a lot of flexibility.
As a best practice, we recommend setting up identity federation for a seamless single sign-on experience for end-users.
Login settings
The Realm Settings menu provides options to configure the login experience for users. We will highlight a few of the most important ones here.
To enable self-service password reset, enable the Forgot password toggle on the Login tab.
To enable self-signup, enable the User registration toggle on the Login tab.
To keep users logged in between browser restarts, until the session expires, enable the Remember Me toggle on the Login tab.
To require email verification after first login, enable the Verify email toggle on the Login tab.
tip
Forgot password, user registration, and verify email functionality require configuration for sending outgoing emails. This is coming soon.
Identity federation
Coming soon.
Roles
All users are created with the user role, which allows access to all applications of the platform.
More roles will be added as the platform evolves.
Security
We've taken great care with platform security, which also covers setting good defaults for timeouts, etc. However, we appreciate that some organizations are stricter than others when it comes to security, and we wanted to make sure we give administrators the flexibility to tweak security settings to meet their own organization's standards.
Fine-tuning timeouts
We use industry best-practice values for timeouts and idle times, to create a user experience that's as frictionless as possible, but also secure.
If you wish, you can fine-tune these on the Tokens tab in the Realm Settings menu. The range of possibilities is quite large, and you can use the tooltips to learn more about each timeout. Here we will highlight a few key ones.
To change how long a user can stay idle without getting logged out, adjust the SSO Session Idle value.
To change how long before a user is logged out (idle or not), adjust the SSO Session Max value.
To change how long a user has to complete a login action (such as a password change), adjust the Login action timeout value.
To change how long a user has to complete a login, adjust the Login timeout value.
Password policies
When not using federated login, administrators might want to impose policies which user passwords must adhere to.
To add password policies, click on the Authentication menu, and select the Password Policy tab.
Next, click on the Add Policy dropdown, and select the policy element you wish to add.
tip
As an example, if user passwords should be at least 10 characters long, select Minimum Length from the Add Policy dropdown. In the table row that appears, type 10 in the Policy Value column.
When you are done with adding all the password policy elements, click on Save to apply your changes, which will affect all new users and password resets.
You can add several password policy requirements. All of them will be enforced.