MATLAB® Production Server™ on Microsoft® Azure® lets server administrators use OpenID Connect (OIDC) identity providers such as Microsoft Azure Active Directory (Azure AD), Google® identity, PingFederate® from Ping Identity®, and others to configure role-based access control for the dashboard. Role-based access control allows administrators to grant a dashboard user the privileges to perform tasks on the dashboard based on their role.
The dashboard access control feature supports the following roles.
Application author — Application authors can upload and delete applications (deployable archives) and view logs.
Manager — Managers can edit server settings, configure access control for applications, manage persistence services, and have all the privileges of an application author, which include uploading and deleting applications and viewing logs.
Server administrator — Administrators can log in to server virtual machines and configure which users or groups of users can access the dashboard, and have all the privileges of a manager, which include editing server logs, configuring access control for applications, uploading and deleting applications, and viewing logs.
The following table shows the dashboard tabs that users with these roles can access.
|Role||Overview||Applications||Settings||Persistence||Manage Identity Providers||Application Access Control||Dashboard Access Control||Logs|
Only the server administrator can log in to the dashboard when dashboard access control is disabled or not configured. Only the server administrator has privileges to configure dashboard access control.
To enable dashboard access control for MATLAB Production Server, you must configure an identity provider and specify access control policies. The fields required to configure an identity provider vary based on the identity provider that you use. The access control policies define areas of the dashboard that users or groups of users can access and tasks that they can perform in these areas.
For information about configuring specific identity providers and policies, see:
After you configure the identity provider and specify access control policies, you must enable dashboard access control. After enabling dashboard access control, a dashboard login URL that supports single sign-on (SSO) becomes available. Share this URL with managers and application authors.