Feature Overview

Create a single user interface for SSO configuration that enables customer configuration SSO without access to underlying virtual machines / containers, configuration files, etc.

Background, and strategic fit

Ansible on Azure customers do not have access to the underlying infrastructure of AAP, which means that any configuration not exposed through web user interfaces is not exposed to them and effectively missing from the product.  Currently, to configure SSO for Private Automation Hub through Key Cloak, Red Hat SREs must be engaged to work with customers for SSO configuration, which is expensive and difficult to scale to a large customer base. 

A GUI-based configuration model (for self-installed AAP and AoC) enables the functional configuration of SSO without access to configuration files, etc. at the infrastructure level for a scalable and more user-friendly management model for SSO.  As AAP migrates to centralized authentication, the configuration of these components and users / group mapping, etc. exposed through a UI will prevent a similar circumstance with Automation Controller and other platform components over time.

(Optional) Use Cases

• As an Ansible on Azure customer I can configure SSO authentication for Automation Controller, Private Automation Hub, and other AAP tools (EDA) through a user interface so that I can connect my IDP to AAP without the need to engage an Ansible SRE. 

Assumptions

• AAP architecture is moving to centralized authentication components.
• This architecture expects to manage authentication and user/group mapping, while authorization still remains the responsibility of individual applications.
• AAP SSO configuration is not entirely exposed through a web-based UI.