Authentication and authorization requirements
For authentication, all ISS users must have an identity on the SSOP service.
For authorization on LSF: Users must meet the following requirements:
- Custom roles: These are roles that are created to address specific needs for security administrators and sub-administrators.
- Full ISS authorization, that is, users who can edit users and run a sync.
- ADM Profile
- All Access to SERVER
- Access types on the SERVER object can be used to limit access to specific tasks.
- ADM Profile
- RM Profile
- All Access to Resource
- Inquire access to Role and Group
- Access to ENV, GEN, LGN and application profile is NOT needed.
For authorization on Landmark: Users must meet the following requirements:
- Delivered roles:
- SecurityAdministrator_ST
- BasicAdminAccess_ST
Note: Without these roles, you can remove roles from Landmark users but you cannot add roles.