Authentication

Users require a StreamSets Control Hub user account to log in. You can configure Control Hub to use the following methods to authenticate Control Hub user accounts:

Control Hub authentication

The built-in Control Hub authentication method authenticates a user using the credentials stored in the Control Hub relational database.

Control Hub authentication is the default authentication method. To use Control Hub authentication, organization administrators simply create Control Hub user accounts for their organization.

SAML authentication

If an organization uses a Security Assertion Markup Language (SAML) IdP, the organization can use the IdP to authenticate Control Hub users. SAML authenticates a user using the credentials stored in the IdP.

SAML authentication is configured by the organization administrator for each organization. To use SAML authentication, organization administrators enable SAML authentication for their organization, create Control Hub user accounts, and then map the Control Hub user accounts to IdP user accounts.

LDAP authentication

If your company uses Lightweight Directory Access Protocol (LDAP), you can use the LDAP provider to authenticate Control Hub users. LDAP authenticates a user using the credentials stored in the LDAP server.

LDAP authentication is configured by the default system administrator - the admin@admin user account - for the entire Control Hub system. To use LDAP authentication, the Control Hub system administrator configures LDAP connection information for Control Hub and then maps organization administrator accounts to LDAP users. Organization administrators then create Control Hub user accounts for their organization, mapping the Control Hub user accounts to LDAP users.

Control Hub can also retrieve group membership from the LDAP provider. To group users, organization administrators create Control Hub groups, and then map the Control Hub groups to LDAP groups.

Control Hub and SAML authentication are configured at the organization level. As a result, Control Hub can include some organizations that use Control Hub authentication and other organizations that use SAML authentication. For more information about Control Hub and SAML authentication, see SAML Authentication.

LDAP authentication is configured for the entire Control Hub system. As a result, after the system administrator enables LDAP authentication for Control Hub, all organizations must use LDAP authentication. You can enable Control Hub to use LDAP authentication during the installation process or after the installation process. For more information, see Enabling LDAP Authentication.