Authentication and authorization requirements

For authentication, all ISS users must have an identity on the SSOP service.

For authorization on LSF: Users must meet the following requirements:

  • Custom roles: These are roles that are created to address specific needs for security administrators and sub-administrators.
  • Full ISS authorization, that is, users who can edit users and run a sync.
    • ADM Profile
      • All Access to SERVER
      • Access types on the SERVER object can be used to limit access to specific tasks.
  • RM Profile
    • All Access to Resource
    • Inquire access to Role and Group
  • Access to ENV, GEN, LGN and application profile is NOT needed.
For authorization on Landmark: Users must meet the following requirements:
  • Delivered roles:
    • SecurityAdministrator_ST
    • BasicAdminAccess_ST
    Note: Without these roles, you can remove roles from Landmark users but you cannot add roles.