- Notes, cautions, and warnings
- Preface
- Overview
- Deployment
- Getting started
- System configuration
- Configure network settings
- Manage users, roles, and scopes
- Ending user sessions
- Directory services integration
- Login using OIDC providers
- Security certificates
- Manage console settings
- Set the login security properties
- Customize the alert display
- Configure SMTP, SNMP, and Syslog
- Manage incoming alerts
- Manage warranty settings
- Configure remote commands and scripts
- OpenManage Mobile settings
- Enable or disable alert notifications for OpenManage Mobile
- Enable or disable OpenManage Mobile subscribers
- Delete an OpenManage Mobile subscriber
- View the alert notification service status
- Notification service status
- View information about OpenManage Mobile subscribers
- OpenManage Mobile subscriber information
- Troubleshooting OpenManage Mobile
- Discovering devices
- Server-initiated discovery
- Create a device discovery job
- Protocol support matrix for discovering devices
- View device discovery job details
- Edit a device discovery job
- Run a device discovery job
- Stop a device discovery job
- Discover multiple devices by .csv import
- Global exclusion of ranges
- Specify a discovery mode for server discovery
- Create a custom discovery job for servers
- Specify discovery mode for chassis discovery
- Create a custom discovery job for the chassis
- Specify discovery mode for Dell storage discovery
- Specify discovery mode for network switch discovery
- Create a custom discovery job for HTTPS storage devices
- Create a custom discovery job for SSH devices
- Create a custom discovery job for SNMP devices
- Specify the discovery mode for multiple discovery jobs
- Delete a device discovery job
- Managing devices and device groups
- Organize devices into groups
- Create a custom static or query group
- Create a static device group
- Create a query device group
- Edit a static group
- Edit a query group
- Rename a static or query group
- Delete a static or query device group
- Clone a static or query group
- Add devices to a new group
- Add devices to existing group
- Refresh health on group
- All Devices screen device list
- All Devices screen actions
- Delete devices from OpenManage Enterprise
- Exclude devices from OpenManage Enterprise
- Run inventory on devices
- Update the device firmware and drivers by using baselines
- Refresh the device health of a device group
- Refresh health on devices
- Roll back an individual device's firmware version
- Export the single device inventory
- Performing more actions on chassis and servers
- Hardware information displayed for MX7000 chassis
- Export data
- View and configure individual devices
- Run and download diagnostic reports
- Extract and download a Services report
- Managing individual device hardware logs
- Run remote commands on managed devices
- Launch the iDRAC device management application
- Launch the virtual console
- Attaching iDRAC virtual media
- Refresh device inventory of a single device
- View installed and available licenses on a device
- Organize devices into groups
- Managing device inventory
- Managing device firmware and drivers
- Managing device deployment templates
- Create a deployment template from a reference device
- Create a deployment template by importing a template file
- View a deployment template information
- Edit a server deployment template
- Edit a chassis deployment template
- Edit IOA deployment template
- Edit network properties of a deployment template
- Deploy device deployment templates
- Deploy IOA deployment templates
- Clone deployment templates
- Export a deployment template
- Delete deployment templates
- Auto deploy device configuration before discovery
- Create auto deployment targets
- Delete auto deployment targets
- Export auto deployed target details
- Overview of stateless deployment
- Define networks
- Edit or delete a configured network
- Export VLAN definitions
- Import network definitions
- Managing device warranty
- Managing alerts
- Managing MIB files
- Configuring profiles
- Configuration compliance
- Managing licenses
- Using jobs for device control
- Monitoring audit logs
- Monitoring reports
- Back up, restore, or migrate
- Updating the console and plugins
- Managing plugins
- Troubleshooting
- Troubleshooting connectivity
- Firmware and DSU requirements for HTTPS
- Firmware schedule reference
- Firmware baseline field definitions
- Supported and unsupported actions on proxied sleds
- Schedule job field definitions
- Alert categories after EEMI relocation
- Token substitution in remote scripts and alert policy
- Catalog Management field definitions
- Devices with unknown compliance status
- Device rediscovery running for a long time after deleting iDRAC service account
- Dell Connectivity Service : Failed with exception: Unable to get access token from DCS
OpenManage Enterprise 4.1.x User's Guide
Configure OIDC login using PingFederate
To enable OpenManage Enterprise OpenID Connect (OIDC) login using PingFederate, add and map a scope dxcua (Dell extended claim for user authentication) to the Client ID and define the user privileges.
About this task
CAUTION: User roles and scopes are reset to 'default' on client re-registration with the OIDC provider PingFederate (PingIdentity). This issue might reset the privileges and scope of nonadmin roles (DM and Viewer) to that of the Administrator. Re-registration of the appliance console with the OIDC provider is triggered during an appliance upgrade, change in network configuration, or change in SSL certificate.
To avoid security concerns post any of the above-mentioned re-registration events, the administrator must reconfigure all the OpenManage Enterprise Client IDs on the PingFederate site. Also, it is highly recommended that Client IDs are created only for Administrator users with Pingfederate till this issue is resolved.
NOTE: The default assigning algorithm should be RS256 (RSA Signature with SHA-256).
Steps
- Add an 'exclusive' or 'default' scope called dxcua under Scope Management in OAuth Settings.
-
Map the scope that is created in
using the following steps:
- Enable Include User info in Token.
- In the Attribute Scope, add the scope and attribute value as dxcua.
- In Contract fulfillment, add
dxcua and select the type as 'Text'. Then, define the user privileges for OpenManage Enterprise OpenID Connect provider login using one of the following attributes:
- Administrator: dxcua : [{“Role": "AD"}]
- Device Manager:
dxcua : [{“Role": "DM"}]
NOTE:To restrict access of the device manager to select device groups, say G1 and G2, in OpenManage Enterprise use dxcua : [{“Role": "DM", "Entity":"G1, G2"}].
- Viewer: dxcua : [{“Role": "VE"}]
- If an 'exclusive' scope is configured after the client registration in OpenManage Enterprise, edit the configured client in PingFederate and enable the created 'dxcua' exclusive scope.
- Dynamic client registration should be enabled in PingFederate for OpenManage Enterprise client registration. If the 'Require Initial access token' option is disabled on the OpenID Connect provider client settings, the registration works with Username and password. If the option is enabled, then the registration works only with the Initial Access token.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\