This application, built on OpenUnison, is a self service portal for Red Hat's OpenShift and OKD. It provides a single interface for:
- Authentication via SAML2, multiple LDAP directories, added compliance acknowledgment, etc.
- Self service portal for requesting access to and getting approval for individual projects
- Self service requests for gaining cluster level roles
- Support for removing users' access
- Reporting
The portal runs inside of OpenShift, leveraging OpenShift for scalability and secret management.
The OpenUnison deployment stores all OpenShift access information as a group in OpenShift, as opposed to a group in an external directory. The only groups stored outside of OpenShift are approval groups, which are stored in the relational database.
- Administration - Full cluster management access
- Admin - Can edit and deploy into a project, cannot change project annotations
- View - Can view contents of a project, but cannot make changes
- System Approver - Able to approve access to roles specific to OpenUnison
- Auditor - Able to view audit reports, but not request projects or approve access
Detailed deployment instructions are at https://github.com/TremoloSecurity/OpenUnison/wiki/OpenShift-Access-Portal
Now you can begin mapping OpenUnison's capabilities to your business and compliance needs. For instance, you can add multi-factor authentication with TOTP or U2F, create privileged workflows for onboarding, schedule workflows that will deprovision users, etc.