Configure Dashboard Access Control Using Azure AD
MATLAB® Production Server™ administrators can use Microsoft® Azure® AD to configure role-based access control for the MATLAB Production Server Dashboard. Role-based access control allows administrators to grant access to specific areas of the dashboard to certain users or groups of users. For more information about the roles that the dashboard supports, see Dashboard Access Control.
To enable dashboard access control, configure Azure AD and specify access control policies, in consultation with the Azure AD administrator.
Configure Identity Provider
To configure Azure AD:
Log in to the dashboard to retrieve the redirect URI of the dashboard.
In the Azure portal, use the redirect URI to register the dashboard as a client application with the provider.
In the dashboard, enter values specific to the registered application and Azure AD.
Retrieve Redirect URI from Dashboard
To retrieve the redirect URI, start creating a configuration for Azure AD in the dashboard:
Navigate to either the Dashboard Access Control tab or the Manage Identity Providers tab.
Click Create and select Azure AD.
In Create Identity Provider for Dashboard Access Control, note the redirect URI of the dashboard.
Later, you return to this view to specify the values required to configure your identity provider in the dashboard.
Register Application in Azure Portal
Use the Azure portal to register a web client application for dashboard access control. When registering the application, use the redirect URI from the MATLAB Production Server dashboard. Typically, the Azure AD administrator registers the application.
Sign in to the Azure portal.
From Azure Active Directory, select App registrations and click New registration.
In the resulting pane, enter the name of the application (for example, MATLAB Production Server Dashboard App). For the Redirect URI, select Web. In the corresponding value field, enter the redirect URI of the dashboard and click Register. A web page displays the details of your registered application.
Click Manifest in the left navigation pane. In the JSON that is displayed in the resulting pane, set the value for groupMembershipClaims to "SecurityGroup". Click Save.
For more information on how to register an application, see the Microsoft Azure documentation.
Specify Values in Dashboard
In the Azure portal, find the values of the client application that you registered and enter them into the dashboard.
Sign in to the Azure portal.
From Azure Active Directory, select App registrations and then select the application that you registered for the dashboard. Copy the value from the Application (client) ID and paste it into the Client ID field in the dashboard.
From App registrations, select Certificates & secrets. Under Certificates & secrets, create a new client secret or use an existing one. Copy the value for the client secret and paste it into the Client Secret field in the dashboard.
From Azure Active Directory, select Properties. Copy the value from Directory (tenant) ID and paste it into the Tenant ID field in the dashboard.
On the dashboard, click Create.
Specify Dashboard Access Control Policy
Before you can specify dashboard access control policies, you must have users and groups set up in Azure AD. Consult the Azure AD administrator for this setup.
The access control policies define areas of the dashboard that users or groups of users can access and tasks that they can perform in these areas. Use the policies to assign the manager and application author roles to users or groups of users in your organization by entering their Azure user names and group IDs into the dashboard.
Configure Users and Groups in Dashboard
In the Azure portal, find user names and group IDs and enter them into the dashboard.
Sign in to the Azure portal.
From Azure Active Directory, select Users. Copy the values for the user names and paste them into the Users field in the dashboard. Use a comma to separate multiple user names.
From Azure Active Directory, select Groups. Copy the values for the object IDs and paste them into the Groups field in the dashboard. Use a comma to separate multiple object IDs.
On the dashboard, click Save.
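The following added example (not MathWorks code, and not how the dashboard itself is implemented) checks values before you paste them into the Users and Groups fields and shows how they line up with decoded Azure AD token claims. With groupMembershipClaims set to "SecurityGroup", the groups claim carries group object IDs rather than display names, which is why the Groups field takes object IDs. The role names come from this page; the user names and object IDs are constructed, and case-insensitive user-name matching is an assumption.

```python
import uuid

def parse_field(text):
    """Split a comma-separated Users or Groups field, dropping blanks."""
    return [item.strip() for item in text.split(",") if item.strip()]

def parse_group_ids(text):
    """Parse a Groups field; reject entries that are not object IDs (GUIDs)."""
    ids = set()
    for item in parse_field(text):
        try:
            ids.add(str(uuid.UUID(item)))  # normalizes case and formatting
        except ValueError:
            raise ValueError(f"not a group object ID: {item!r}") from None
    return ids

def build_policy(fields):
    """Turn {role: {"users": str, "groups": str}} into lookup sets."""
    return {role: {"users": {u.lower() for u in parse_field(f["users"])},
                   "groups": parse_group_ids(f["groups"])}
            for role, f in fields.items()}

def resolve_roles(claims, policy):
    """Return (roles, groups_known) for one set of decoded token claims."""
    # Assumption: user names compare case-insensitively.
    user = (claims.get("preferred_username") or claims.get("upn") or "").lower()
    groups_known = True
    if "groups" in claims:
        groups = {str(uuid.UUID(g)) for g in claims["groups"]}
    else:
        groups = set()
        # Overage: Azure AD omits "groups" when the list is too long for the
        # token, so group-based roles cannot be decided from the token alone.
        if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
            groups_known = False
    roles = {role for role, rule in policy.items()
             if user in rule["users"] or groups & rule["groups"]}
    return roles, groups_known

# Constructed sample values; none of these come from a real tenant.
FIELDS = {
    "manager": {"users": "alice@example.com",
                "groups": "11111111-1111-1111-1111-111111111111"},
    "application author": {"users": "",
                "groups": "22222222-2222-2222-2222-222222222222, "
                          "33333333-3333-3333-3333-333333333333"},
}
POLICY = build_policy(FIELDS)
```

A display name pasted into the Groups field raises ValueError in parse_group_ids, and groups_known set to False marks a user whose group-based roles cannot be read from the token.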
Enable Dashboard Access Control
After you configure Azure AD and specify access control policies, you must enable dashboard access control by selecting the Yes option. After you enable dashboard access control, a dashboard login URL that supports single sign-on (SSO) becomes available. Share this URL with managers and application authors.