Specifying which custom attributes from an identity provider to use in IBM Cloud Pak for Data

Important: IBM Cloud Pak for Data Version 4.8 will reach end of support (EOS) on 31 July, 2025. For more information, see the Discontinuance of service announcement for IBM Cloud Pak for Data Version 4.X.

Upgrade to IBM Software Hub Version 5.1 before IBM Cloud Pak for Data Version 4.8 reaches end of support. For more information, see Upgrading from IBM Cloud Pak for Data Version 4.8 to IBM Software Hub Version 5.1.

After you add the attributes to the Identity Management Service, you must tell Cloud Pak for Data which attributes can be used to create dynamic user groups.

About this task

By default, the attributes-configmap ConfigMap for the instance includes the following attributes:
  • Location
  • Nationality
  • Organization
  • User type

To use additional attributes in dynamic user groups, you must add the attributes to the attributes_dictionary array in the attributes-configmap ConfigMap.

Each attribute must define the following properties:
Property Description
<uniqueID> A unique identifier for the attribute.
displayName The name of the attribute to display in the web client.
attribute_type The type of the attribute.

Only simple attributes are supported. Other attribute types are not supported.
type The data type of the attribute.

Only the string data type is supported. Other data types are not supported.
enabled Whether to display this attribute in the web client.

To use the attribute to create dynamic user groups, you must set this property to true.
path The path to the attribute.
  • If you are adding attributes from your IdP, you must specify the path to the attribute in the Identity Management Service.
  • If you are adding attributes from a custom attribute provider, you must specify the path to the attribute in the custom attribute provider.
The entry must have the following format:
      {
        "<uniqueID>": {
          "displayName": "<Display name>",
          "attribute_type": "simple",
          "type": "data-type",
          "enabled": true,
          "path":"<path-to-the-attribute>"
        },

Procedure

  1. Log in to Red Hat® OpenShift® Container Platform as a user with sufficient permissions to complete the task. 
    ${OC_LOGIN}
  2. Edit the attributes-configmap ConfigMap: 
    oc edit ConfigMap attributes-configmap \
--namespace=${PROJECT_CPD_INST_OPERANDS}
  3. Add the attributes to the attributes_dictionary array.

    In the following code, customAttribute1 is a sample custom attribute:

    apiVersion: v1
kind: ConfigMap
metadata:
  name: attributes-configmap
  namespace: PROJECT_CPD_INST_OPERANDS
data:
  attributes_dictionary: |-
    [
      {
        "location": {
          "displayName": "Location",
          "attribute_type": "simple",
          "type": "string",
          "enabled": true,
          "internal_only": false,
          "path":"location"
        },
        "nationality": {
          "displayName": "Nationality",
          "attribute_type": "simple",
          "type": "string",
          "enabled": true,
          "internal_only": false,
          "path":"nationality"
        },
        "organization": {
          "displayName": "Organization",
          "attribute_type": "simple",
          "type": "string",
          "enabled": true,
          "internal_only": false,
          "path":"organization"
        },
        "userType": {
          "displayName": "User Type",
          "attribute_type": "simple",
          "type": "string",
          "enabled": true,
          "internal_only": false,
          "path":"userType"
        },
        "customAttribute1": {
          "displayName": "Custom Attribute One",
          "attribute_type": "simple",
          "type": "string",
          "enabled": true,
          "path":"customAttribute1"
        }
      }
    ]
  4. Save your changes to the attributes-configmap ConfigMap.
  5. Restart the usermgmt pods for the changes to take effect: 
    oc delete pod -n ${PROJECT_CPD_INST_OPERANDS} -l component=usermgmt

What to do next

Now that you've added the custom attributes to the attributes-configmap ConfigMap, you can use the attributes to create dynamic user groups.