Tasks that Require Control Hub Credentials
When SAML authentication is enabled, the following tasks require that users be authenticated by Control Hub:
- Update the SAML IdP configuration in the organization details if the SAML IdP is incorrectly configured in Control Hub.
- Use the Data Collector command line interface.
- Log into a Data Collector running in disconnected mode.
- Use the Control Hub REST API or the SDK for Python.

Users with either of the following roles can be authenticated by Control Hub:
- Organization Administrator
  Users with the Organization Administrator role can complete all of these tasks.
- Control Hub Authentication
  Users with the Control Hub Authentication role can complete all of the tasks except for updating the SAML IdP configuration, as long as they have all other required roles. For example, to delete jobs using the Control Hub REST API when SAML is enabled, a user must have the Control Hub Authentication role, the Organization User role, and the Job Operator role.

Users with the Organization Administrator role or the Control Hub Authentication role can be authenticated by the SAML IdP using IdP credentials or by Control Hub using Control Hub credentials. In most cases, users with these roles will log in just like any other user in the organization and will be authenticated by the SAML IdP.
However, when needed, users with the Organization Administrator role or the Control Hub Authentication role can use the following page to log into Control Hub using Control Hub credentials:
https://cloud.streamsets.com/security/dpmlogin
https://<hostname>:18631/security/dpmlogin
For example, if the SAML IdP is incorrectly configured within Control Hub, users cannot log in using SAML authentication. Users with the Organization Administrator role can use their Control Hub credentials to log in using this URL to re-enable access to Control Hub.
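
The role rules above can be turned into a small audit, shown here as an added example that is not part of the StreamSets documentation. It lists which accounts can log in with Control Hub credentials instead of the SAML IdP, checks that at least one Organization Administrator exists to repair a broken IdP configuration, and evaluates the delete-jobs case. The user names, task keys and function names are assumptions made for the illustration; the role names are the ones used on this page.

```python
ORG_ADMIN = "Organization Administrator"
CH_AUTH = "Control Hub Authentication"

# Task keys are hypothetical labels for the four tasks listed on this page.
# True marks the one task the page reserves for Organization Administrators.
TASKS = {
    "update_saml_idp_config": True,
    "use_data_collector_cli": False,
    "log_into_disconnected_data_collector": False,
    "use_rest_api_or_python_sdk": False,
}

def can_use_control_hub_credentials(roles):
    """Either role lets the user be authenticated by Control Hub itself."""
    return ORG_ADMIN in roles or CH_AUTH in roles

def can_perform(roles, task, other_required=()):
    """Apply the page's rules for one task while SAML is enabled."""
    admin_only = TASKS[task]          # KeyError on an unknown task key
    roles = set(roles)
    if ORG_ADMIN in roles:
        return True                   # page: can complete all of these tasks
    if admin_only:
        return False                  # only admins may update the SAML IdP config
    return CH_AUTH in roles and set(other_required) <= roles

def audit(users):
    """Return (users able to use Control Hub credentials, recovery admin exists)."""
    local = sorted(u for u, r in users.items() if can_use_control_hub_credentials(r))
    has_admin = any(ORG_ADMIN in r for r in users.values())
    return local, has_admin

# Constructed sample data, not taken from any real organization.
SAMPLE_USERS = {
    "alice": {ORG_ADMIN},
    "bob": {"Organization User", "Job Operator"},
    "carol": {CH_AUTH, "Organization User", "Job Operator"},
    "dave": {CH_AUTH},
}

if __name__ == "__main__":
    local, has_admin = audit(SAMPLE_USERS)
    print("Control Hub credential logins possible for:", local)
    print("Recovery admin present:", has_admin)
    need = {"Organization User", "Job Operator"}  # delete-jobs example from the page
    for name, roles in SAMPLE_USERS.items():
        print(name, can_perform(roles, "use_rest_api_or_python_sdk", need))
```

Accounts returned in the first list are authenticated by Control Hub rather than the IdP when they use the `dpmlogin` page, so that list is the one to review when deciding who holds these roles.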