With update 1.208 comes new functional, "You can now add users via UI or REST API additionally in LDAP or SSO mode in order to pre-configure their permissions before they sign-in first time."
Ok, it is fine. But our company uses for automated user management Cluster API v1, part /users(PUT POST DELETE). Also we use SSO-authorization.
After update from 1.206 to 1.208 we lost capabilty to manage our cluster user via API. Because of error 403, Operation forbidden - LOCAL authentication is turned off, users are updated during LDAP or SSO login.
Has anyone else encountered a similar problem?
Solved! Go to Solution.
Actually, we've fixed with 1.208 the REST API that you rely on. Previously we allowed to manipulate users/groups via REST API when automatic assignment of groups by LDAP/SSO was turned on - which is a bug - as no matter what you set via REST API it gets overwritten during user sign-in with the data returned from identity provider - LDAP or SSO.
To have this working properly - you need to turn off "automatic group assignment" in LDAP configuration screen or SSO - SAML/OpenID screen. With this setting then, user gets authenticated with LDAP/SSO but authorized (check groups permission) based on the configuration in Dynatrace.