Authorization Overview
Updated on 29 Apr 2024
Authorization UI
The main user interface (UI) for Authorization is described below. Role-based access for specific users and groups is set through the Admin Essentials | User Management page views. Note that the views, features, and interactions available in the UI are limited by user permissions.
Starting with release version 2021.2, IAP has a new user interface (UI) to administer users, groups, and roles. Users and groups, along with a new UI for role configuration, are contained in the Authorization section of the Admin Essentials application.
There are two ways to access Authorization. From the IAP home page, navigate to Admin Essentials > Quick Start > Authorization. Alternatively, click Authorization in the left sidebar to open the accordion menu.
Figure 1: Authorization
Terminology
Various terms related to IAP users, groups, and roles are defined in the following table.
Term | Definition |
---|---|
User | An entity that can perform specific actions within multiple IAP applications based on group associations. |
Group | A collection of roles that can be assigned to a user. |
Role | A collection of granular-level privileges that can be assigned to groups. |
Permission | Authorization granted to an API and a specific page view. |
Provenance | Refers to the source (origin) of a group. For external groups, this is set to the IAP AAA adapterId. For IAP groups, it is not set. |
Networking Requirements
If you have Cisco NSO and want to use the NSO External Authentication script, network connectivity is required between the two, typically on port 3000. For more information on how to install the NSO External Authentication script, see the Network Adapters section of the IAP Integrations guide.