User and Programmers Guide

Introduction

This document is the user and programmer guide for the Identity Management (IdM) component. Here you will find the steps needed to use the IdM portal to create an account and manage it. You will also learn about role and application management.

User Guide

Logging in

Go to "Sign in" if you have previously created an account; otherwise go to "Sign up" to create a new one:

Figure 1: IdM Log in page

Figure 2: IdM Sign up page

Once you have logged in successfully, you will be redirected to the home page. There are two main sections: Applications and Organizations.

Figure 3: IdM home page

Applications

List of applications

Look at the vertical menu on the left and click on the My Applications option. Here you can see the applications in which you are authorized. You can also select one of the organizations to which you belong to show all of its applications.

Figure 4: List user applications

Figure 5: List organization applications

Register an application

On the home page, in the Applications section, you can register a new application by clicking on "Register". You can also register an application from the My Applications page.

Figure 6: Home register an application

In the next step you have to give the application a name, a description, a URL and a callback URL, the last of which is required by the OAuth 2.0 protocol. You also have to choose who is going to be the provider of the application: yourself or one of the organizations of which you are an owner.

Figure 7: KeyRock Register Application

Click on "Next" (Figure 7).
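The callback URL requested in step one is the redirect_uri that the OAuth 2.0 authorization server will send the authorization code to, which is why it must be registered in advance and compared strictly. The following Python snippet is an added illustration, not KeyRock's code: it contrasts a loose prefix comparison with the exact string comparison that RFC 6749 (section 3.1.2) requires when a full redirect URI is registered. The client id, registered callback and sample requests are constructed values.

```python
# Added example (not KeyRock's code): why the registered callback URL matters.
# An authorization server must only redirect the authorization code to a
# redirect_uri matching the registration. RFC 6749 sect. 3.1.2 requires simple
# string comparison for a fully registered URI and forbids fragment components.
# The client id and callback below are constructed sample values.
from urllib.parse import urlsplit

# Constructed registry: client_id -> the single callback URL registered for it.
REGISTERED_CALLBACKS = {
    "app-123": "https://example.com/oauth/callback",
}


def loose_prefix_match(client_id: str, requested: str) -> bool:
    """Weak variant: accepts anything that merely starts with the registered URL."""
    registered = REGISTERED_CALLBACKS.get(client_id)
    return registered is not None and requested.startswith(registered)


def strict_match(client_id: str, requested: str) -> bool:
    """Hardened variant: exact string comparison, fragments rejected."""
    registered = REGISTERED_CALLBACKS.get(client_id)
    if registered is None:
        return False
    if urlsplit(requested).fragment:
        return False  # RFC 6749: a redirect URI must not carry a fragment
    return requested == registered


def check_requests(client_id: str, candidates: list[str]) -> dict[str, tuple[bool, bool]]:
    """Evaluate each candidate under both policies; returns {uri: (loose, strict)}."""
    return {u: (loose_prefix_match(client_id, u), strict_match(client_id, u)) for u in candidates}


# Constructed redirect_uri values as they might appear in incoming requests.
SAMPLE_REQUESTS = [
    "https://example.com/oauth/callback",
    "https://example.com/oauth/callback/extra",
    "https://example.com/oauth/callback?next=/account",
    "http://example.com/oauth/callback",
    "https://example.com/oauth/callback#token",
]

if __name__ == "__main__":
    for uri, (loose, strict) in check_requests("app-123", SAMPLE_REQUESTS).items():
        print(f"{uri:55} loose={loose!s:5} strict={strict}")
```

Only the first sample URI survives the strict policy; the loose policy also accepts an extended path, an added query string and a fragment, each of which changes where the browser ends up after the redirect.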

In the second step the application's logo is uploaded by selecting a file of a valid type. You have the option to re-frame (crop) the chosen image.

Click on "Crop Image" when you have finished and then click "Next", as shown in Figure 9.

Figure 8: Upload logo Application

Figure 9: Crop image

In the third step we set up the roles and permissions of the application. This is explained in the next section.

Manage roles

On this page you will find two default roles: Provider and Purchaser. If you click on one of these roles you will see the permissions assigned to it.

Figure 10: List of roles and permissions

You are also able to create new roles and permissions.

Figure 11: Create roles and permissions

To create a new role, click on "New role", enter the name of the role and then click "Save".

Figure 12: Create a role

You can also add new permissions by clicking on "New Permission". Here you need to enter the name of the permission, a description, the HTTP verb (GET, PUT, POST, DELETE) and the path to which the permission applies. Click "Create Permission" and then "Finish" to complete the creation of the application.

Figure 13: Create a permission

You can also configure a specific XACML rule if you need it.

In addition, you can edit and delete all the roles and permissions that you have created by clicking on the corresponding buttons.

You can configure the permissions for the new role by ticking the corresponding check box. Click the "Save" button to create the new assignment.

Figure 14: KeyRock New assignment

Show application

Once you have created an application, you are redirected to the page where all of its information is displayed. You can also access this information by clicking on the corresponding application on the My Applications page. The OAuth2 credentials of the application are displayed on this page.

Figure 15: Application view

You can also perform several actions:

  • Edit the application. Here you can change the application's attributes: name, description, url, redirect_uri and logo.
  • Manage roles. Explained in the previous section.
  • Register a PEP Proxy.
  • Register an IoT Agent.
  • Authorize users.
  • Authorize organizations.

Register PEP Proxy and IoT Agents

For each application you can register a PEP Proxy in order to enable authentication and authorization via OAuth2. You can also register IoT Agents in the application to provide lightweight security mechanisms for your IoT devices.

Figure 16: PEP Proxy and IoT Agents register

You can also reset the passwords of these components or delete them.

Authorize users and organizations

You can add users or organizations to the application by clicking on the "Authorize" button.

Figure 17: KeyRock authorize

This opens a modal where you can manage Users and Groups. You can see the users or organizations and their initially assigned roles. You can search for users or organizations in the right column. Note that you can assign roles after the user or organization has been added by clicking on the roles drop-down menu below the user's icon, as shown in Figure 18 and Figure 19.

Figure 18: KeyRock Authorize users

Figure 19: KeyRock Authorize organizations

When you assign roles to an organization, you assign them to the users who are owners or members of that organization. The next section explains in more detail how to manage organizations.

Authorize trusted applications

When validating permissions in Keyrock's built-in PDP, as explained here, the check considers the application in which the permission was created and assigned to the user.

Keyrock allows application owners to trust other applications. A PDP check will then validate whether the user has a specific permission in the current application or in one of the applications it trusts. To add trusted applications you can use the API or the web interface:

Figure 20: KeyRock Trusted Applications
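The three mechanisms described above (roles built from verb-and-path permissions, roles granted to an organization's owners and members, and trusted applications that the PDP also consults) can be sketched in a small Python model. This is an added illustration, not KeyRock's own code or API: the class names, the "*" wildcard convention for paths and the sample users, organization and applications are all assumptions constructed for the example.

```python
# Added example, not KeyRock's own code: a small model of the authorization
# concepts in this guide (roles made of verb+path permissions, roles assigned
# to users directly or through an organization, and trusted applications that
# a PDP check also consults). Class names, the "*" wildcard convention and the
# sample users, organization and applications are constructed assumptions.
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    name: str
    verb: str   # HTTP verb: GET, PUT, POST or DELETE
    path: str   # resource path; "*" is assumed to match any path suffix

    def matches(self, verb: str, path: str) -> bool:
        if verb.upper() != self.verb.upper():
            return False
        pattern = re.escape(self.path).replace(r"\*", ".*")
        return re.fullmatch(pattern, path) is not None


@dataclass
class Organization:
    org_id: str
    owners: set = field(default_factory=set)
    members: set = field(default_factory=set)

    def includes(self, user: str) -> bool:
        return user in self.owners or user in self.members


@dataclass
class Application:
    app_id: str
    roles: dict = field(default_factory=dict)       # role name -> set[Permission]
    user_roles: dict = field(default_factory=dict)  # user -> set[role name]
    org_roles: dict = field(default_factory=dict)   # org_id -> set[role name]
    trusted: set = field(default_factory=set)       # app_ids this application trusts


def effective_roles(app: Application, user: str, orgs: dict) -> set:
    """Roles assigned directly plus roles inherited from the user's organizations."""
    roles = set(app.user_roles.get(user, set()))
    for org_id, org_role_names in app.org_roles.items():
        org = orgs.get(org_id)
        if org is not None and org.includes(user):
            roles |= org_role_names
    return roles


def permitted_in_app(app: Application, user: str, verb: str, path: str, orgs: dict) -> bool:
    """True if any permission of any effective role matches the request."""
    return any(
        perm.matches(verb, path)
        for role in effective_roles(app, user, orgs)
        for perm in app.roles.get(role, set())
    )


def pdp_check(apps: dict, app_id: str, user: str, verb: str, path: str, orgs: dict) -> bool:
    """Allow if the user holds a matching permission in the current application
    or in an application the current one trusts (one hop; trust is not transitive)."""
    current = apps[app_id]
    candidates = [current] + [apps[t] for t in sorted(current.trusted) if t in apps]
    return any(permitted_in_app(a, user, verb, path, orgs) for a in candidates)


def build_sample():
    """Constructed sample data: two applications, one organization, four users."""
    post_devices = Permission("create device", "POST", "/devices/*")
    get_devices = Permission("read device", "GET", "/devices/*")
    sensors = Application(
        "sensors",
        roles={"Provider": {post_devices, get_devices}, "Purchaser": {get_devices}},
        user_roles={"alice": {"Provider"}},       # direct assignment
        org_roles={"acme": {"Purchaser"}},        # organization-wide assignment
    )
    dashboard = Application("dashboard", trusted={"sensors"})  # no roles of its own
    orgs = {"acme": Organization("acme", owners={"bob"}, members={"carol"})}
    return {"sensors": sensors, "dashboard": dashboard}, orgs


if __name__ == "__main__":
    apps, orgs = build_sample()
    for user, verb, path, app_id in [("alice", "POST", "/devices/42", "sensors"),
                                     ("carol", "GET", "/devices/7", "dashboard"),
                                     ("dave", "GET", "/devices/7", "dashboard")]:
        print(user, verb, path, "in", app_id, "->", pdp_check(apps, app_id, user, verb, path, orgs))
```

Note how carol is allowed to read devices through the dashboard application without holding any role there: the permission comes from the Purchaser role that acme's members inherit in sensors, which dashboard trusts. A user with no role in either application, such as dave, is denied.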

Organizations

List organizations

Look again at the vertical menu on the left and click on the Organizations option. Here you can see all the organizations to which you belong.

Figure 20: KeyRock list organizations

Click the "Create" button to create a new organization.

Create organization

To create an organization you need to specify a name and a description, and then click on the "Create Organization" button.

Figure 21: KeyRock create organization

Show organization

You are then redirected to the home menu on behalf of the newly created organization. Here you can see the organization's attributes.

Figure 22: KeyRock Organization view

You can also perform several actions:

  • Edit the organization. Here you can change: name, description, url and logo.
  • Manage members.

Manage members

If you click on the "Manage" button in the show view, a modal is opened. In this modal you can search for users to add to the organization. You can assign them the owner role or the member role. Only the owners of an organization can edit it or add new members to it.

Figure 23: KeyRock Organization view

Programmer Guide

Further information

For further information on KeyRock, please refer to the step-by-step video at the Help & Info Portal, choosing “Account”, as shown in Figure 24.

Figure 24: KeyRock Screencast