SOP-5-I-42Q-MES0152 Identity Access Management

From 42Q
Revision as of 02:33, 10 July 2020 by Helena wang


 



 

Identity Access Management

MES 15.6

Work Instruction

This Work Instruction is 42Q’s corporate standard.

This document is under revision control. The latest revision is located at Intranet.

Once printed it is an uncontrolled copy. All alterations to this work instruction require approval.

Contact the IT Global Education and Training Department to submit suggested alterations and/or updates.

  1. Introduction

42Q IAM (Identity Access Management) provides unified login management for the MES Portal. It adapts to different policies and performs authentication and authorization in a more secure way.

This document describes three forms of authentication:

  • LDAP Authentication
  • Non-LDAP Authentication
  • SAML Authentication

When the user enters the MES Portal URL, the system redirects to the unified login page:

Figure 1: IAM unified login page

 


 

  2. LDAP Authentication

42Q IAM supports LDAP authentication; for example, the user name helena_wang is an LDAP user account.

As displayed in the image below:

Figure 2: LDAP Account


To access the MES Portal, follow the steps below:

  1. Enter the LDAP account (e.g. helena_wang) in the Username field at the unified login page.
  2. Select the Sign In button.

Figure 3: LDAP Account Login


  3. The system redirects to the MES Portal login page and the user can enter the user_name and password to sign in.

Figure 4: LDAP Account Login MES Portal


  3. Non-LDAP Authentication

42Q IAM supports Non-LDAP authentication; in the example below, the user_name testuser00001 is a Non-LDAP user.

Figure 5: Non-LDAP Account


To access the MES Portal, follow the steps below:

  1. Enter the Non-LDAP user account (e.g. testuser00001) in the Username field at the unified login page.
  2. Select the Sign In button.

Figure 6: Non-LDAP Account Login


  3. The system redirects the users to the MES Portal login page.

Figure 7: Non-LDAP Account Login MES Portal


  4. The users can now enter the username and password to log in to the MES Portal.

  4. SAML Authentication

42Q IAM supports SAML authentication; this allows users to pass authorization credentials to the portal.

To access the MES Portal, follow the steps below:

  1. Enter the email address in the Username field at the unified login page.
  2. Select the Sign In button.

Note: If the email address is invalid, IAM will show the error message below.

Figure 8: Check Email Address


Note: The current version (IAM-15.63.1) only supports valid Sanmina (user@Sanmina.com) and 42Q (user@42-q.com) mail accounts.

For external users, the new landing page/IAM login page can be disabled (recommended).

Figure 9: Email Address Login


  3. The system redirects the users to the SAML authentication.

Figure 10: SAML authentication


  4. Enter the Username and Password, then select the Submit button.

Note: If 2FA authentication is set up for the account, the 2FA passcode text field will pop up.

Figure 11: 2FA Passcode


  5. The system redirects the users to the MES Portal/42Q platform main page when the account authenticates.

Figure 12: 42Q MES Portal main page


Note: If the message shown below appears on the screen, the users must select the option ssodev-sanm to go to the account authentication page and enter the username and password again to log in to the MES Portal.

Figure 13: Alter page
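
The routing by Username value described in the three sections above, as an added example (not 42Q IAM's own code). Only the two mail domains come from the note for IAM-15.63.1; the name `route_login`, the return labels, and the rule that any other email address is rejected are assumptions made for illustration.

```python
import re

# Domains from the page's note for IAM-15.63.1; everything else is assumed.
ALLOWED_SAML_DOMAINS = {"sanmina.com", "42-q.com"}

# Conservative ASCII-only shape check; not a full RFC 5322 parser.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def route_login(identifier: str) -> str:
    """Return 'saml', 'portal_login' or 'reject' for a Username field value."""
    value = identifier.strip()
    if not value:
        return "reject"
    if "@" not in value:
        # LDAP and Non-LDAP accounts both continue to the MES Portal login page.
        return "portal_login"
    match = _EMAIL_RE.fullmatch(value)
    if match is None:
        return "reject"  # malformed, e.g. a second '@' or non-ASCII lookalikes
    domain = match.group(1).lower()  # domain names compare case-insensitively
    # Exact match only: a suffix or substring test would accept lookalikes
    # such as sanmina.com.example.net or notsanmina.com.
    return "saml" if domain in ALLOWED_SAML_DOMAINS else "reject"


# Constructed sample inputs, including lookalike domains.
SAMPLES = [
    "helena_wang",
    "testuser00001",
    "user@Sanmina.com",
    "user@42-q.com",
    "user@sanmina.com.example.net",
    "user@notsanmina.com",
    "user@sanmina.com@example.net",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:32} -> {route_login(sample)}")
```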


  5. Revision History

| Date | Author | Title | Version | Change Reference | Approved By |
|---|---|---|---|---|---|
| 6/9/2020 | Helena Wang | Technical Writer | A1 | First Version of IAM | |
| 6/22/2020 | Helena Wang | Technical Writer | A1 | Format and update some screenshots. | |
| 6/22/2020 | Marisol Vargas | Technical Writer | A1 | Revision: structure, format, language; adding steps, and numbering. | |