Main Content

Configure Application Access Control Using Google Identity

MATLAB® Production Server™ administrators can use Google® Identity to restrict access to deployed applications to only certain users or groups of users. To enable application access control, configure Google Identity and specify access control policies, in consultation with the Google Identity administrator.

Register Application in Google Cloud Platform Console

To use Google Identity for application access control, register an application in the Google Cloud Platform Console. For more information about registering an application, see Google Identity documentation.

Configure Identity Provider in Dashboard

After you register the application in Google, create a configuration for Google Identity in the Application Access Control tab of the dashboard. Click Create and select Google. In Create Identity Provider for Application Access Control, enter application-specific and identity provider-specific values. Click Create. If the server is running on a Windows® virtual machine, saving the values can take up to 30 seconds.

The following table describes the values that you must enter.

FieldValue
Name

Name for your Google identity provider configuration

App IDClient ID of the application registered in Google for application access control

Specify Access Control Policy Rules

Specify the applications that certain users or user groups can access by defining access control policy rules. To define a rule, click Add Rule under Access Control Policy in the Application Access Control tab of the dashboard. Specify the following values.

FieldValue
Rule IDName for the rule
DescriptionDescription for the rule
UsersGoogle user names that are allowed access to deployed applications
GroupsGoogle group IDs, if applicable, that are allowed access to deployed applications
Applications

Applications that the specified users and groups have permission to access

Select Apply this rule to all applications to select all applications.

Enable Application Access Control

After you configure the identity provider and specify access control policy rules, you must enable dashboard access control by selecting the Yes option from the dashboard.

Application Access Control tab showing that access control is enabled

Generate Access Token

After application access control is enabled, users that are specified in the access control policy rules can generate a bearer access token. For more information about generating an access token, see the Google documentation for Using OAuth 2.0 for Web Server Applications.

Client programs use this access token in the HTTP authorization header when making a request to the server using the MATLAB Production Server RESTful API. The format for this header is Authorization:Bearer <access token>.

Related Topics