DevOps Dashboard
The Curity Identity Server includes a DevOps Dashboard, a simplified Admin UI that enables employees to manage identity resources. This enables organizations to scale their administration of the identity and access management (IAM) system to multiple teams, avoiding bottlenecks on a central administration team.
The DevOps Dashboard allows users to perform administrative operations including:
- User account management - Administer customer user accounts from data sources
- OAuth client management - Create, update, and manage OAuth clients
- Alarm monitoring - View and monitor system alarms
- Team-based access control - Grant granular permissions to different groups
Teams can be separated into groups with different administration rights, allowing for granular control over who can manage which resources. This enables developers, operators, and support teams to work independently without requiring full administrative access.
Authentication is tied to an OAuth client’s configuration, which means that authentication actions, claims providers, any supported user data store, and all of the other functionality in Curity can be used during the authentication and token issuance process. The DevOps Dashboard can be protected using multi-factor authentication for enhanced security.
Key Features
The DevOps Dashboard provides several key capabilities for distributed identity administration:
Administer Customer Users
One of the main features of the dashboard is to administer user accounts from a data source. This provides a fast way to precreate application users when getting started with the Curity Identity Server, or in scenarios where end users cannot register themselves.
The dashboard provides an intuitive interface for:
- Viewing and searching user accounts
- Creating new user accounts
- Editing existing user information
- Managing user credentials and attributes
OAuth Client Management
The DevOps Dashboard provides developers with comprehensive OAuth client management capabilities:
- Create New Clients: Add new OAuth clients using simplified wizards for SPAs, mobile apps, backend services, and client credentials
- Modify Existing Clients: Update client configurations, redirect URIs, and settings
- Client Credentials: Manage client authentication methods and secrets
- Scope Management: Configure allowed scopes and permissions
- Testing Tools: Built-in tools for testing OAuth flows
Alarm Monitoring
Operators can use the dashboard to monitor system health and troubleshoot issues:
- View Active Alarms: See current system alerts and warnings with severity levels
- Alarm Details: Access detailed information about specific alarms
- Historical Data: Review past alarm occurrences and patterns
- Status Overview: Get a quick overview of system health
- Connection Issues: Identify connectivity problems with external systems
- Filter & Search: Find specific alarms using filters and search capabilities
Teams who work on the applications impacted may be best positioned to advise on resolution actions, making distributed troubleshooting more efficient.
Grant Team Privileges
When granting access to employees, you can categorize them into groups based on the levels of access you want to grant. For instance, members of the developers group can be denied access to customer user accounts, but allowed to work with settings for their OAuth clients and APIs.
Permissions can be granted in a manner that scales:
- Up to departmental boundaries: Organize permissions by team or department
- Down to individual clients: Grant access to specific OAuth clients or profiles
This enables larger organizations to distribute access based on:
- Levels of experience
- Trust boundaries
- Organizational structure
- Security requirements
If an employee has insufficient permissions, they will see either a permission denied message for sensitive data (like customer user accounts), or receive a forbidden error when attempting unauthorized operations.
Benefits
- Reduced Bottlenecks: Distribute identity administration across multiple teams
- Improved Security: Implement least-privilege access to identity resources
- Faster Operations: Enable teams to self-service common tasks
- Better Collaboration: Allow multiple teams to contribute to identity management
- Operational Efficiency: Streamline troubleshooting and user administration
Getting Started
To start using the DevOps Dashboard, you need to:
- Setup - Configure and enable the dashboard
- Authentication Options - Set up authentication methods
- Access Control - Control user permissions and group access
Additional Resources
- DevOps Dashboard Webinar - Video introduction to the dashboard
- Running the DevOps Dashboard Tutorial - Hands-on tutorial for user administration
- DevOps Dashboard Features Overview - Learn about team privileges, OAuth management, and troubleshooting capabilities
Availability Considerations
Be aware that the admin node that runs the dashboard is not built for high-availability scenarios in the way the run-time nodes of a cluster are. There can be only one admin node in a cluster, and this is the only service that hosts the DevOps Dashboard and the RESTCONF API that it consumes.
As a result, if this node goes down, the DevOps Dashboard will be inaccessible. Also, if the database used for tokens in the configured OAuth profile goes down, login will be blocked. Alarms for database issues will be generated, and the status endpoint of the admin node is always available for determining liveness. These should be used to take action in case of issues.