Allow multiple authentication sources simultaneously
Currently Ops Manager authentication supports either the Application Database, LDAP, or SAML, but these methods cannot be combined. Ideally we would like to move to LDAP, but we are stuck with the local authentication method as we depend on a local admin user which is used when first deploying and configuring the Ops Manager ecosystem. We also do not want to depend solely on the availability of the LDAP servers regarding an admin user. The MongoDB cluster deployments do support multiple authentication methods at the same time (we have local admin and monitoring accounts while users are authenticating via LDAP), it would be great if you could allow the same setup for Ops Manager.
-
Luciën commented
Like in many other tools, it would be good to see that OpsManager becomes new enterprise-settings for user authentication:
A. which allows 1 or more authentication methods to be used at the same time, where the order can be selected by the administrator.
B. which allows a certain configurable timeout in case the first authentication method is unavailable, before using the 2nd method.
C. which allows the administrator to select role-management locally by opsmanager (in the local DB), or role-management externally stored in ldap/saml
D. which allows the administrator also the option for only user/password authentication in ldap/saml, without impacting the local role management settings. -
Matthias commented
We also like to have multiple authentication schemas for same reasons above.